Avoid recursive chmod if all directories already have 770 (#260)

For admins, avoid performing recursive chmod on /var/opt/nuodb and /var/log/nuodb if all files and subdirectories one level deep already have mode 770. The "one level deep" check is to avoid skipping the directories entirely if only the directories themselves have mode 770, which is what the init-container used to do in previous versions of the NuoDB Helm Charts. For SMs, descend two levels to ensure that all files directly under /var/opt/nuodb/archive, /var/opt/nuodb/journal, and /var/opt/nuodb/backup (for HCSMs) have mode 770.
nuodb · Dec 6, 2021 · c04f67f · c04f67f
1 parent b91d12d
commit c04f67f
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 29 deletions.
diff --git a/stable/admin/templates/statefulset.yaml b/stable/admin/templates/statefulset.yaml
@@ -61,7 +61,9 @@ spec:
       - name: init-disk
         image: {{ template "init.image" . }}
         imagePullPolicy: {{ default "" .Values.busybox.image.pullPolicy }}
-        command: ['chmod', '-R', '770', '/var/opt/nuodb', '/var/log/nuodb']
+        command: ['sh', '-c', '
+          find /var/opt/nuodb -not -perm 770 -maxdepth 1 -exec chmod -R 770 {} \; &&
+          find /var/log/nuodb -not -perm 770 -maxdepth 1 -exec chmod -R 770 {} \;']
         volumeMounts:
         - name: raftlog
           mountPath: /var/opt/nuodb

diff --git a/stable/database/templates/statefulset.yaml b/stable/database/templates/statefulset.yaml
@@ -68,15 +68,9 @@ spec:
       - name: init-disk
         image: {{ template "init.image" . }}
         imagePullPolicy: {{ default "" .Values.busybox.image.pullPolicy | quote }}
-        command:
-          - 'chmod'
-          - '-R'
-          - '770'
-          - '/var/opt/nuodb/archive'
-          - '/var/log/nuodb'
-  {{- if eq (include "defaultfalse" .Values.database.sm.noHotCopy.journalPath.enabled) "true"}}
-          - '/var/opt/nuodb/journal'
-  {{- end }}
+        command: ['sh', '-c', '
+          find /var/opt/nuodb -not -perm 770 -maxdepth 2 -exec chmod -R 770 {} \; &&
+          find /var/log/nuodb -not -perm 770 -maxdepth 1 -exec chmod -R 770 {} \;']
         volumeMounts:
         - name: archive-volume
           mountPath: /var/opt/nuodb/archive
@@ -443,16 +437,9 @@ spec:
       - name: init-disk
         image: {{ template "init.image" . }}
         imagePullPolicy: {{ default "" .Values.busybox.image.pullPolicy | quote }}
-        command:
-          - 'chmod'
-          - '-R'
-          - '770'
-          - '/var/opt/nuodb/archive'
-          - '/var/opt/nuodb/backup'
-          - '/var/log/nuodb'
-{{- if eq (include "defaultfalse" .Values.database.sm.hotCopy.journalPath.enabled) "true"}}
-          - '/var/opt/nuodb/journal'
-{{- end }}
+        command: ['sh', '-c', '
+          find /var/opt/nuodb -not -perm 770 -maxdepth 2 -exec chmod -R 770 {} \; &&
+          find /var/log/nuodb -not -perm 770 -maxdepth 1 -exec chmod -R 770 {} \;']
         volumeMounts:
         - name: archive-volume
           mountPath: /var/opt/nuodb/archive

diff --git a/test/integration/template_database_test.go b/test/integration/template_database_test.go
@@ -708,9 +708,6 @@ func TestDatabaseSeparateJournal(t *testing.T) {
 			assert.True(t, ok, "mount journal-volume not found")
 			assert.EqualValues(t, "/var/opt/nuodb/journal", mount.MountPath)
 
-			initContainer := obj.Spec.Template.Spec.InitContainers[0]
-			assert.Contains(t, initContainer.Command, "/var/opt/nuodb/journal")
-
 			claim, ok := testlib.GetVolumeClaim(obj.Spec.VolumeClaimTemplates, "journal-volume")
 			assert.True(t, ok, "volume journal-volume not found")
 			assert.Equal(t, v1.ReadWriteOnce, claim.Spec.AccessModes[0])
@@ -742,9 +739,6 @@ func TestDatabaseSeparateJournal(t *testing.T) {
 			assert.True(t, ok, "mount journal-volume not found")
 			assert.EqualValues(t, "/var/opt/nuodb/journal", mount.MountPath)
 
-			initContainer := obj.Spec.Template.Spec.InitContainers[0]
-			assert.Contains(t, initContainer.Command, "/var/opt/nuodb/journal")
-
 			claim, ok := testlib.GetVolumeClaim(obj.Spec.VolumeClaimTemplates, "journal-volume")
 			assert.True(t, ok, "volume journal-volume not found")
 			assert.Equal(t, v1.ReadWriteMany, claim.Spec.AccessModes[0])
@@ -770,9 +764,6 @@ func TestDatabaseSeparateJournal(t *testing.T) {
 			_, ok := testlib.GetMount(container.VolumeMounts, "journal-volume")
 			assert.False(t, ok, "mount journal-volume not found")
 
-			initContainer := obj.Spec.Template.Spec.InitContainers[0]
-			assert.NotContains(t, initContainer.Command, "/var/opt/nuodb/journal")
-
 			_, ok = testlib.GetVolumeClaim(obj.Spec.VolumeClaimTemplates, "journal-volume")
 			assert.False(t, ok, "volume journal-volume not found")
 		}