Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add "check" command #44

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: add "check" command #44

wants to merge 3 commits into from
+90 −0

Conversation

ruda
Copy link
Member

@ruda ruda commented Dec 3, 2024
edited
Loading

Sanity check Quipucords setup and configurations.

This command will check and print the status of important files and directories that the installer creates for running Quipucords. The return code for the command is the number of problematic files/dirs found.

When all's well, the output looks like this:

❯ ./bin/quipucords-installer check
Checking Quipucords setup and configurations...
/home/rmoura/.local/share/quipucords: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/certs: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/data: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/db: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/log: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/sshkeys: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/certs/server.key: OK: -rw-r--r-- rmoura
/home/rmoura/.local/share/quipucords/certs/server.crt: OK: -rw-r--r-- rmoura
/home/rmoura/.local/share/quipucords/data/secret.txt: OK: -rw-r--r-- rmoura
/home/rmoura/.local/share/quipucords/db/userdata: OK: drwx------ rmoura
/home/rmoura/.config/quipucords: OK: drwxr-xr-x rmoura
/home/rmoura/.config/quipucords/env: OK: drwxr-xr-x rmoura
/home/rmoura/.config/quipucords/env/env-ansible.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/quipucords/env/env-app.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/quipucords/env/env-celery-worker.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/quipucords/env/env-db.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/quipucords/env/env-redis.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/quipucords/env/env-server.env: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd: OK: drwxr-xr-x rmoura
/home/rmoura/.config/containers/systemd/quipucords-app.container: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd/quipucords-celery-worker.container: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd/quipucords-db.container: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd/quipucords-redis.container: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd/quipucords-server.container: OK: -rw-r--r-- rmoura
/home/rmoura/.config/containers/systemd/quipucords.network: OK: -rw-r--r-- rmoura

The output when there are problems found:

Checking Quipucords setup and configurations...
Checking Quipucords setup and configurations...
/home/rmoura/.local/share/quipucords: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/certs: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/data: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/db: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/log: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/sshkeys: OK: drwxr-xr-x rmoura
/home/rmoura/.local/share/quipucords/certs/server.key: ERROR: Incorrect permission(s): 0 ----------
/home/rmoura/.local/share/quipucords/certs/server.crt: OK: -rw-r--r-- rmoura
/home/rmoura/.local/share/quipucords/data/secret.txt: ERROR: Missing
/home/rmoura/.local/share/quipucords/db/userdata: ERROR: Incorrect permission(s): 0 d---------
/home/rmoura/.config/quipucords: OK: drwxr-xr-x rmoura
/home/rmoura/.config/quipucords/env: OK: drwxr-xr-x rmoura
/home/rmoura/.config/quipucords/env/env-ansible.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/quipucords/env/env-app.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/quipucords/env/env-celery-worker.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/quipucords/env/env-db.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/quipucords/env/env-redis.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/quipucords/env/env-server.env: ERROR: Incorrect permission(s): 444 -r--r--r--
/home/rmoura/.config/containers/systemd: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords-app.container: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords-celery-worker.container: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords-db.container: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords-redis.container: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords-server.container: ERROR: Not owned by you (incorrect ownership): 0 root
/home/rmoura/.config/containers/systemd/quipucords.network: ERROR: Not owned by you (incorrect ownership): 0 root

Relates to JIRA: DISCOVERY-729

@ruda ruda force-pushed the rmoura/disco-729 branch 5 times, most recently from 38fdc89 to a55e911 Compare December 6, 2024 21:39
@ruda ruda marked this pull request as draft December 9, 2024 13:58
@ruda ruda changed the title WIP: feat: add "check" command feat: add "check" command Dec 9, 2024
@ruda ruda requested review from a team December 9, 2024 20:25
@ruda ruda self-assigned this Dec 9, 2024
@ruda ruda marked this pull request as ready for review December 9, 2024 20:29
@ruda
feat: add "check" command
cfe0b33 
Sanity check Quipucords setup and configurations.
This command will check and print the status of important
files and directories that the installer creates for running Quipucords.

Example of status: OK, Not owned by you and Missing.
The return code for the command is the number of problematic files/dirs.

Relates to JIRA: DISCOVERY-729
@ruda ruda force-pushed the rmoura/disco-729 branch from a55e911 to cfe0b33 Compare December 9, 2024 20:29
infinitewarp
infinitewarp requested changes Dec 9, 2024
View reviewed changes
Copy link
Member

@infinitewarp infinitewarp left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The title of the original feature request was Ensure appropriate ownership and permissions of required host directories with this acceptance criteria:

If a ~/.local (or other required directory or file) has bad ownership or mode, when running the installer's "check" command, the installer detects the problem, reports an error, and exits with a non-zero status.

However, it looks like this PR only checks the existence and ownership of the directories and files, not the permissions (modes) of them.

I pulled and switched to your branch, and I "broke" some file and directory modes like this on my local VM:

chmod 000 /home/brasmith/.local/share/quipucords/certs/server.key
chmod 000 /home/brasmith/.local/share/quipucords/db/userdata

Confirming that they are indeed "broken":

$ ls -la /home/brasmith/.local/share/quipucords/certs/server.key
----------. 1 brasmith 100000 1704 Dec  2 17:12 /home/brasmith/.local/share/quipucords/certs/server.key
$ cat /home/brasmith/.local/share/quipucords/certs/server.key
cat: /home/brasmith/.local/share/quipucords/certs/server.key: Permission denied
$ ls -la /home/brasmith/.local/share/quipucords/db/userdata
ls: cannot open directory '/home/brasmith/.local/share/quipucords/db/userdata': Permission denied

When I run the new check command and search for those paths in the output, they appear to be "OK" when that is incorrect, and the script also exits with a successful 0 exit code which is also incorrect:

$ ./bin/quipucords-installer check | grep 'server.key\|userdata'
/home/brasmith/.local/share/quipucords/certs/server.key: OK
/home/brasmith/.local/share/quipucords/db/userdata: OK

$ ./bin/quipucords-installer check &> /dev/null
$ echo $?
0

ruda added 2 commits December 10, 2024 13:57
@ruda
feat: "check" command verify permissions (writable/read-only)
abf210e 
Output: ... ERROR: Not writable by you (read-only)

Relates to JIRA: DISCOVERY-729
@ruda
feat: "check" command displays permissions and ownership
9f8c8be 
Relates to JIRA: DISCOVERY-729
@abellotti
Copy link
Contributor

abellotti commented Dec 11, 2024
edited
Loading

Not a priority, but PTAL at 2db827e...37919bd for a couple of suggestions. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@infinitewarp infinitewarp infinitewarp requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@ruda ruda

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ruda @abellotti @infinitewarp