From e8330c4703b90b8eeab9791aec9aab315625c670 Mon Sep 17 00:00:00 2001 From: baba230896 Date: Mon, 18 Jul 2022 05:51:13 +0000 Subject: [PATCH] [PLAT-3560] Added the directory exists check in the init-container script Summary: - Added the directory exists check in the init-container script Test Plan: - There are no differences between the generated templates for root users (regular deployments) from changes and the current master branch. - Deployed the new platform using the changes; now, it won't raise the exception in case of the `no such directory` issue for the keys directory because it executes the business logic only if it exists. - I deployed the platform version `2.15.1.0-b160` with the root user using charts on the master branch. I created a GCP VM-based universe. Then, I upgraded it to a non-root user using the changes and added one more node in the universe. Reviewers: sanketh, bgandhi Reviewed By: sanketh, bgandhi Subscribers: yugaware Differential Revision: https://phabricator.dev.yugabyte.com/D18342
---
.../templates/init-container-script.yaml | 56 ++++++++++--------- stable/yugaware/templates/statefulset.yaml | 5 +- stable/yugaware/values.yaml | 4 +- 3 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/stable/yugaware/templates/init-container-script.yaml b/stable/yugaware/templates/init-container-script.yaml
index 3acd0f14ed..4e5a4dec3f 100644
--- a/stable/yugaware/templates/init-container-script.yaml
+++ b/stable/yugaware/templates/init-container-script.yaml
@@ -15,33 +15,35 @@ data:
 set -xe -o pipefail
 data_directory="/opt/yugabyte/yugaware/data"
- pemfiles=$(find "${data_directory}/keys/" -name "*.pem" -exec stat -c "%a" {} + | uniq | tr '\n' ',')
- IFS="," read -r -a pemfile_perms <<< "${pemfiles}"
-
- trigger=false
- echo "Finding pem files with permissions different than 400, and setting their permissions to 400."
-
- for pemfile in "${pemfile_perms[@]}"; do
- if [[ "${pemfile}" != *400* ]]; then
- echo "Found a pem file with permissions ${pemfile}"
- trigger=true
- break
+ if [[ -d "${data_directory}/keys/" ]]; then
+ pemfiles=$(find "${data_directory}/keys/" -name "*.pem" -exec stat -c "%a" {} + | uniq | tr '\n' ',')
+ IFS="," read -r -a pemfile_perms <<< "${pemfiles}"
+
+ trigger=false
+ echo "Finding pem files with permissions different than 400, and setting their permissions to 400."
+
+ for pemfile in "${pemfile_perms[@]}"; do
+ if [[ "${pemfile}" != *400* ]]; then
+ echo "Found a pem file with permissions ${pemfile}"
+ trigger=true
+ break
+ fi
+ done
+
+ if ${trigger}; then
+ echo "Creating copy of data/keys directory"
+ cp -r "${data_directory}/keys" "${data_directory}/new_keys"
+
+ echo "Setting permission of all pem files to 400"
+ find "${data_directory}/new_keys/" -name "*.pem" -exec chmod 400 {} +
+
+ echo "Renaming existing keys directory"
+ mv "${data_directory}/keys" "${data_directory}/keys-$(date +%s)"
+
+ echo "Renaming new keys directory"
+ mv "${data_directory}/new_keys" "${data_directory}/keys"
+ else
+ echo "All pem files already have permission set to 400"
 fi
- done
-
- if ${trigger}; then
- echo "Creating copy of data/keys directory"
- cp -r "${data_directory}/keys" "${data_directory}/new_keys"
-
- echo "Setting permission of all pem files to 400"
- find "${data_directory}/new_keys/" -name "*.pem" -exec chmod 400 {} +
-
- echo "Renaming existing keys directory"
- mv 
"${data_directory}/new_keys" "${data_directory}/keys" - else - echo "All pem files already have permission set to 400" fi {{- end }} \ No newline at end of file diff --git a/stable/yugaware/templates/statefulset.yaml b/stable/yugaware/templates/statefulset.yaml index f8cabdf577..26ec32eedc 100644 --- a/stable/yugaware/templates/statefulset.yaml +++ b/stable/yugaware/templates/statefulset.yaml @@ -96,9 +96,8 @@ spec: command: - 'bash' - '-c' - - > - cp /default_prometheus_config/prometheus.yml /prometheus_configs/prometheus.yml; - bash /init-container/init-permissions.sh; + - | + cp /default_prometheus_config/prometheus.yml /prometheus_configs/prometheus.yml && /bin/bash /init-container/init-permissions.sh; securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} diff --git a/stable/yugaware/values.yaml b/stable/yugaware/values.yaml index 6fc105b217..7048cb88ac 100644 --- a/stable/yugaware/values.yaml +++ b/stable/yugaware/values.yaml @@ -117,8 +117,8 @@ securityContext: ## fsGroup related values are set at the pod level. fsGroup: 10001 fsGroupChangePolicy: "OnRootMismatch" - ## The following values are set for yugaware and prometheus - ## containers. + ## The following values are set for yugaware and prometheus containers. + ## Setting runAsUser other than 10001 will fail the VM universe deployment flow. runAsUser: 10001 runAsGroup: 10001 runAsNonRoot: true