[PLAT-3560] Added the directory exists check in the init-container sc…

…ript Summary: - Added the directory exists check in the init-container script Test Plan: - There are no differences between the generated templates for root users (regular deployments) from changes and the current master branch. - Deployed the new platform using the changes; now, it won't raise the exception in case of the `no such directory` issue for the keys directory because it executes the business logic only if it exists. - I deployed the platform version `2.15.1.0-b160` with the root user using charts on the master branch. I created a GCP VM-based universe. Then, I upgraded it to a non-root user using the changes and added one more node in the universe. Reviewers: sanketh, bgandhi Reviewed By: sanketh, bgandhi Subscribers: yugaware Differential Revision: https://phabricator.dev.yugabyte.com/D18342
yugabyte · Jul 18, 2022 · e8330c4 · e8330c4
1 parent e1ee18a
commit e8330c4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 32 deletions.
diff --git a/stable/yugaware/templates/init-container-script.yaml b/stable/yugaware/templates/init-container-script.yaml
@@ -15,33 +15,35 @@ data:
     set -xe -o pipefail
 
     data_directory="/opt/yugabyte/yugaware/data"
-    pemfiles=$(find "${data_directory}/keys/" -name "*.pem" -exec stat -c "%a" {} + | uniq | tr '\n' ',')
-    IFS="," read -r -a pemfile_perms <<< "${pemfiles}"
-    
-    trigger=false
-    echo "Finding pem files with permissions different than 400, and setting their permissions to 400."
-    
-    for pemfile in  "${pemfile_perms[@]}"; do
-      if [[ "${pemfile}" != *400* ]]; then
-        echo "Found a pem file with permissions ${pemfile}"
-        trigger=true
-        break
+    if [[ -d "${data_directory}/keys/" ]]; then
+      pemfiles=$(find "${data_directory}/keys/" -name "*.pem" -exec stat -c "%a" {} + | uniq | tr '\n' ',')
+      IFS="," read -r -a pemfile_perms <<< "${pemfiles}"
+
+      trigger=false
+      echo "Finding pem files with permissions different than 400, and setting their permissions to 400."
+
+      for pemfile in  "${pemfile_perms[@]}"; do
+        if [[ "${pemfile}" != *400* ]]; then
+          echo "Found a pem file with permissions ${pemfile}"
+          trigger=true
+          break
+        fi
+      done
+
+      if ${trigger}; then
+        echo "Creating copy of data/keys directory"
+        cp -r "${data_directory}/keys" "${data_directory}/new_keys"
+
+        echo "Setting permission of all pem files to 400"
+        find "${data_directory}/new_keys/" -name "*.pem" -exec chmod 400 {} +
+
+        echo "Renaming existing keys directory"
+        mv "${data_directory}/keys" "${data_directory}/keys-$(date +%s)"
+
+        echo "Renaming new keys directory"
+        mv "${data_directory}/new_keys" "${data_directory}/keys"
+      else
+        echo "All pem files already have permission set to 400"
       fi
-    done
-    
-    if ${trigger}; then
-      echo "Creating copy of data/keys directory"
-      cp -r "${data_directory}/keys" "${data_directory}/new_keys"
-
-      echo "Setting permission of all pem files to 400"
-      find "${data_directory}/new_keys/" -name "*.pem" -exec chmod 400 {} +
-
-      echo "Renaming existing keys directory"
-      mv "${data_directory}/keys" "${data_directory}/keys-$(date +%s)"
-
-      echo "Renaming new keys directory"
-      mv "${data_directory}/new_keys" "${data_directory}/keys"
-    else
-      echo "All pem files already have permission set to 400"
     fi
 {{- end }}
diff --git a/stable/yugaware/templates/statefulset.yaml b/stable/yugaware/templates/statefulset.yaml
@@ -96,9 +96,8 @@ spec:
           command:
             - 'bash'
             - '-c'
-            - >
-              cp /default_prometheus_config/prometheus.yml /prometheus_configs/prometheus.yml;
-              bash /init-container/init-permissions.sh;
+            - |
+              cp /default_prometheus_config/prometheus.yml /prometheus_configs/prometheus.yml && /bin/bash /init-container/init-permissions.sh;
           securityContext:
             runAsUser: {{ .Values.securityContext.runAsUser }}
             runAsGroup: {{ .Values.securityContext.runAsGroup }}

diff --git a/stable/yugaware/values.yaml b/stable/yugaware/values.yaml
@@ -117,8 +117,8 @@ securityContext:
   ## fsGroup related values are set at the pod level.
   fsGroup: 10001
   fsGroupChangePolicy: "OnRootMismatch"
-  ## The following values are set for yugaware and prometheus
-  ## containers.
+  ## The following values are set for yugaware and prometheus containers.
+  ## Setting runAsUser other than 10001 will fail the VM universe deployment flow.
   runAsUser: 10001
   runAsGroup: 10001
   runAsNonRoot: true