From f05a769e0d9986121cbc1ff432c828e21c3d269a Mon Sep 17 00:00:00 2001 From: Nathan Cutler Date: Thu, 12 Dec 2019 14:31:24 +0100 Subject: [PATCH] rpm/cephadm: move HOMEDIR to /var/lib and make scriptlets idempotent on SUSE Also introduce a cephadm group. Since the cephadm package does not require ceph-common, the ceph group is not available to be used. Drop the -r option to useradd, because cephadm does not qualify as a system user. Finally, fix the SUSE RPM build. SUSE RPM builds using "osc" implement a check that compares the cephadm package's "before" and "after" file lists, to enforce idempotency of the scriptlets. The "userdel cephadm" in the %postun breaks this check, so omit it from the SUSE RPM builds. Fixes: https://tracker.ceph.com/issues/43285 Signed-off-by: Nathan Cutler --- ceph.spec.in | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/ceph.spec.in b/ceph.spec.in index f745e982a20..a68604b483f 100644 --- a/ceph.spec.in +++ b/ceph.spec.in @@ -1354,6 +1354,12 @@ install -m 0644 -D COPYING %{buildroot}%{_docdir}/ceph/COPYING install -m 0644 -D etc/sysctl/90-ceph-osd.conf %{buildroot}%{_sysctldir}/90-ceph-osd.conf install -m 0755 src/cephadm/cephadm %{buildroot}%{_sbindir}/cephadm +mkdir -p %{buildroot}%{_sharedstatedir}/cephadm +chmod 0700 %{buildroot}%{_sharedstatedir}/cephadm +mkdir -p %{buildroot}%{_sharedstatedir}/cephadm/.ssh +chmod 0700 %{buildroot}%{_sharedstatedir}/cephadm/.ssh +touch %{buildroot}%{_sharedstatedir}/cephadm/.ssh/authorized_keys +chmod 0600 %{buildroot}%{_sharedstatedir}/cephadm/.ssh/authorized_keys # firewall templates and /sbin/mount.ceph symlink %if 0%{?suse_version} @@ -1515,30 +1521,22 @@ if [ $1 -ge 1 ] ; then fi %pre -n cephadm -# create user -if ! getent passwd | grep -q '^cephadm:'; then - useradd -r -s /bin/bash -c "cephadm user for mgr/cephadm" -m cephadm -fi -# set up (initially empty) .ssh/authorized_keys file -if ! test -d /home/cephadm/.ssh; then - mkdir /home/cephadm/.ssh - chown --reference /home/cephadm /home/cephadm/.ssh - chmod 0700 /home/cephadm/.ssh -fi -if ! test -e /home/cephadm/.ssh/authorized_keys; then - touch /home/cephadm/.ssh/authorized_keys - chown --reference /home/cephadm /home/cephadm/.ssh/authorized_keys - chmod 0600 /home/cephadm/.ssh/authorized_keys -fi +getent group cephadm >/dev/null || groupadd -r cephadm +getent passwd cephadm >/dev/null || useradd -r -g cephadm -s /bin/bash -c "cephadm user for mgr/cephadm" -d %{_sharedstatedir}/cephadm cephadm exit 0 +%if ! 0%{?suse_version} %postun -n cephadm userdel -r cephadm || true exit 0 +%endif %files -n cephadm %{_sbindir}/cephadm %{_sysconfdir}/sudoers.d/cephadm +%attr(0700,cephadm,cephadm) %dir %{_sharedstatedir}/cephadm +%attr(0700,cephadm,cephadm) %dir %{_sharedstatedir}/cephadm/.ssh +%attr(0600,cephadm,cephadm) %{_sharedstatedir}/cephadm/.ssh/authorized_keys %files common %dir %{_docdir}/ceph -- 2.39.5