From b1643eccee7ce138a0e2340b088702de926476da Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 13 Nov 2019 17:31:06 +1100 Subject: [PATCH 1/8] DCD-802: become product user when unarchiving shared home. Implement test that shared home is owned by correct user --- roles/restore_backups/molecule/restore/playbook.yml | 5 ++--- .../restore_backups/molecule/restore/tests/test_default.py | 6 ++++++ roles/restore_backups/tasks/main.yml | 3 +-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index b3c60b0..e2f8157 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -6,6 +6,5 @@ atl_product_user: 'jira' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' - tasks: - - name: Install distro-specific restore support packages - include_tasks: "../../tasks/{{ ansible_distribution|lower }}.yml" + roles: + - restore_backups diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index 6f88a4f..d8ec2b2 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -18,3 +18,9 @@ def test_postgresql_amazon_linux_extras_exes(host, exe): def test_postgresql_version(host): pg_dump_version_output = host.check_output('pg_dump --version') assert '(PostgreSQL) 9.6' in pg_dump_version_output + +def test_shared_home_owner(host): + for root, dirs, files in os.walk('/media/atl/jira/shared'): + for fileName in files + dirs: + assert host.file(fileName).user == 'jira' + assert host.file(fileName).group == 'jira' \ No newline at end of file diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 1f9ebdb..825517b 100644 --- a/roles/restore_backups/tasks/main.yml 
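Review bot: `test_shared_home_owner` enumerates `/media/atl/jira/shared` with `os.walk`, which reads the filesystem of the machine running pytest, while the ownership assertions go through testinfra's `host`. If that path is absent where pytest runs, the loop body never executes and the test passes without checking any ownership. The names handed to `host.file(fileName)` are also bare directory entries, not joined with `root`, so they would not resolve to the restored files. Enumerate on the target instead, for example `for path in host.check_output('find /media/atl/jira/shared').splitlines():`, and assert on `host.file(path)`. PATCH 2/8 in this series replaces the walk with a parametrized list of known paths.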
+++ b/roles/restore_backups/tasks/main.yml @@ -124,8 +124,7 @@ unarchive: src: "{{ atl_backup_home_dest }}" dest: "{{ atl_product_home_shared }}" - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" + become: "{{ atl_product_user }}" - name: Create restore-canary if necessary copy: From 4827ae84236049d1edb491c5fd090cca1b89e058 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 18 Nov 2019 16:37:26 +1100 Subject: [PATCH 2/8] DCD-802: Fix test and implementation for setting shared home owner and group to application user --- .../molecule/restore/playbook.yml | 55 ++++++++++++++++++- .../molecule/restore/tests/test_default.py | 14 +++-- roles/restore_backups/tasks/home_restore.yml | 37 +++++++++++++ roles/restore_backups/tasks/main.yml | 29 +--------- 4 files changed, 101 insertions(+), 34 deletions(-) create mode 100644 roles/restore_backups/tasks/home_restore.yml diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index e2f8157..d174e48 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml 
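Review bot: `become: "{{ atl_product_user }}"` passes a user name to a boolean keyword; the account to switch to belongs in `become_user`, with `become: yes` alongside it. The same hunk drops `owner` and `group` from the unarchive task, so if the string is not evaluated as true, the archive is extracted as the connection user and nothing sets ownership of the shared home. The intended form would be `become: yes` plus `become_user: "{{ atl_product_user }}"`. The task's enclosing block lies outside the hunk, and PATCH 2/8 later moves this task into home_restore.yml without `become`.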
@@ -4,7 +4,58 @@ vars: atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' atl_product_user: 'jira' + atl_product_user_uid: '2001' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' + atl_product_home_shared: '/media/atl/jira/shared' + atl_backup_id: 'test-backup' + atl_backup_home_dest: "{{ test_archive }}" - roles: - - restore_backups + test_archive_source: '/tmp/hello' + test_archive_file: 'hello.txt' + test_archive: '/tmp/hello.tar.gz' + test_pre_step_prefix: '[PRE-TEST]' + + pre_tasks: + - name: "{{ test_pre_step_prefix }} Install tar" + package: + state: present + name: tar + + - name: "{{ test_pre_step_prefix }} Install useradd and groupadd binaries" + package: + state: present + name: shadow-utils + + - name: "{{ test_pre_step_prefix }} Create application group" + group: + name: "{{ atl_product_user }}" + gid: "{{ atl_product_user_uid }}" + + - name: "{{ test_pre_step_prefix }} Create application user" + user: + name: "{{ atl_product_user }}" + uid: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user }}" + + - block: + - name: "{{ test_pre_step_prefix }} Create a directory for the shared home archive" + file: + path: "{{ test_archive_source }}" + state: directory + - name: "{{ test_pre_step_prefix }} Create a file in the shared home" + lineinfile: + create: yes + line: 'Hello, world!' + path: "{{ test_archive_source }}/{{ test_archive_file }}" + - name: "{{ test_pre_step_prefix }} Archive the shared home" + archive: + path: "{{ test_archive_source }}" + dest: "{{ test_archive }}" + owner: "{{ atl_product_user }}" + + tasks: + - name: Install distro-specific restore support packages + include_tasks: "../../tasks/{{ ansible_distribution|lower }}.yml" + + - name: Restore shared home + include_tasks: "../../tasks/home_restore.yml" diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index d8ec2b2..f8ab676 100644 
--- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -19,8 +19,12 @@ def test_postgresql_version(host): pg_dump_version_output = host.check_output('pg_dump --version') assert '(PostgreSQL) 9.6' in pg_dump_version_output -def test_shared_home_owner(host): - for root, dirs, files in os.walk('/media/atl/jira/shared'): - for fileName in files + dirs: - assert host.file(fileName).user == 'jira' - assert host.file(fileName).group == 'jira' \ No newline at end of file +@pytest.mark.parametrize('file', [ + '/media/atl/jira/shared', + '/media/atl/jira/shared/hello', + '/media/atl/jira/shared/hello/hello.txt' +]) +def test_shared_home_owner(host, file): + assert host.file(file).exists + assert host.file(file).user == 'jira' + assert host.file(file).group == 'jira' \ No newline at end of file diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml new file mode 100644 index 0000000..2a9fa1f --- /dev/null +++ b/roles/restore_backups/tasks/home_restore.yml 
@@ -0,0 +1,37 @@ +--- +- name: Check for the restore canary file + stat: + path: "{{ atl_backup_home_restore_canary_path }}" + register: restore_canary + +- block: + - name: Create shared home if necessary + file: + path: "{{ atl_product_home_shared }}" + state: directory + mode: 0750 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + + - name: Restore the shared-home backup + unarchive: + src: "{{ atl_backup_home_dest }}" + remote_src: yes + dest: "{{ atl_product_home_shared }}" + mode: 0640 + + - name: Set shared home file owner to application user + file: + path: "{{ atl_product_home_shared }}" + recurse: yes + group: "{{ atl_product_user }}" + state: directory + mode: 0640 + owner: "{{ atl_product_user }}" + + - name: Create restore-canary if necessary + copy: + dest: "{{ atl_backup_home_restore_canary_path }}" + content: "{{ atl_backup_id }}" + + when: not restore_canary.stat.exists diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 3071044..c5b26ed 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -108,33 +108,8 @@ when: db_created.changed and atl_backup_db_dest is defined - - name: Check for the restore canary file - stat: - path: "{{ atl_backup_home_restore_canary_path }}" - register: restore_canary - - - block: - - - name: Create shared home if necessary - file: - path: "{{ atl_product_home_shared }}" - state: directory - mode: 0750 - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" - - - name: Restore the shared-home backup - unarchive: - src: "{{ atl_backup_home_dest }}" - dest: "{{ atl_product_home_shared }}" - become: "{{ atl_product_user }}" - - - name: Create restore-canary if necessary - copy: - dest: "{{ atl_backup_home_restore_canary_path }}" - content: "{{ atl_backup_id }}" - - when: not restore_canary.stat.exists + - name: Restore shared home + include_tasks: "{{ home_restore.yml }}" when: atl_restore_required 
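Review bot: The recursive `file` task ("Set shared home file owner to application user") runs over whatever the backup archive unpacked. The `file` module's `follow` option defaults to yes in current Ansible releases as far as I know, so a symlink inside the restored tree can have owner, group and mode applied to its target outside `atl_product_home_shared`. Add `follow: no` to that task so only the links themselves are touched. Separately, `mode: 0640` on both the unarchive and the recursive task strips the search bit from restored directories; PATCH 6/8 and 7/8 remove those modes.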
From 688be1f5d79f2ff75b51d3aadbf71055f7b482fe Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 18 Nov 2019 16:59:56 +1100 Subject: [PATCH 3/8] DCD-802: Add test and logic for setting version file owner to root in shared home --- roles/restore_backups/molecule/restore/playbook.yml | 12 +++++++++++- .../molecule/restore/tests/test_default.py | 7 ++++++- roles/restore_backups/tasks/home_restore.yml | 13 +++++++++++-- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index d174e48..3e4272c 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -4,6 +4,8 @@ vars: atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' atl_product_user: 'jira' + atl_product_edition: 'jira-software' + atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" atl_product_user_uid: '2001' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' atl_product_home_shared: '/media/atl/jira/shared' @@ -12,6 +14,7 @@ test_archive_source: '/tmp/hello' test_archive_file: 'hello.txt' + test_product_version_file: "/tmp/{{ atl_product_edition }}.version" test_archive: '/tmp/hello.tar.gz' test_pre_step_prefix: '[PRE-TEST]' @@ -47,9 +50,16 @@ create: yes line: 'Hello, world!' path: "{{ test_archive_source }}/{{ test_archive_file }}" + - name: "{{ test_pre_step_prefix }} Create the version file in the shared home" + lineinfile: + create: yes + line: '8.5' + path: "{{ test_product_version_file }}" - name: "{{ test_pre_step_prefix }} Archive the shared home" archive: - path: "{{ test_archive_source }}" + path: + - "{{ test_archive_source }}" + - "{{ test_product_version_file }}" dest: "{{ test_archive }}" owner: "{{ atl_product_user }}" 
diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index f8ab676..98af566 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -27,4 +27,9 @@ def test_postgresql_version(host): def test_shared_home_owner(host, file): assert host.file(file).exists assert host.file(file).user == 'jira' - assert host.file(file).group == 'jira' \ No newline at end of file + assert host.file(file).group == 'jira' + +def test_version_file_owned_by_root(host): + assert host.file('/media/atl/jira/shared/jira-software.version').exists + assert host.file('/media/atl/jira/shared/jira-software.version').user == 'root' + assert host.file('/media/atl/jira/shared/jira-software.version').group == 'root' \ No newline at end of file diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index 2a9fa1f..c3cb081 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -20,14 +20,23 @@ dest: "{{ atl_product_home_shared }}" mode: 0640 - - name: Set shared home file owner to application user + - name: Set shared home owner and group to application user file: path: "{{ atl_product_home_shared }}" recurse: yes group: "{{ atl_product_user }}" + owner: "{{ atl_product_user }}" state: directory mode: 0640 - owner: "{{ atl_product_user }}" + + - name: Set version file owner and group to root + file: + path: "{{ atl_product_version_cache }}" + group: root + owner: root + state: file + # Ignore the error in case there is no product version file in the backup + ignore_errors: yes - name: Create restore-canary if necessary copy: From cbe62d02fd4c49a2bc795b5b886fd99f73bf0523 Mon Sep 17 00:00:00 2001 
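Review bot: `ignore_errors: yes` on "Set version file owner and group to root" hides every failure of that task, not only the missing-file case named in the comment. If the ownership change itself fails, the version file keeps the application-user ownership set by the recursive task just before it, and the play still reports success. Check for the file first and make the ownership change conditional, so that a real failure stops the restore. The enclosing block starts outside this hunk.

```yaml
  - name: Check whether the backup contained a product version file
    stat:
      path: "{{ atl_product_version_cache }}"
    register: restored_version_file

  - name: Set version file owner and group to root
    file:
      # … unchanged: path, group, owner, state …
    when: restored_version_file.stat.exists
```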
From: Ben Partridge Date: Mon, 18 Nov 2019 17:02:08 +1100 Subject: [PATCH 4/8] DCD-802: Organise vars in restore molecule playbook --- .../molecule/restore/playbook.yml | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index 3e4272c..a2b36ea 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -2,21 +2,22 @@ - name: Converge hosts: all vars: - atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' - atl_product_user: 'jira' - atl_product_edition: 'jira-software' - atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" - atl_product_user_uid: '2001' - atl_backup_home_restore_canary_path: '/tmp/canary.tmp' - atl_product_home_shared: '/media/atl/jira/shared' - atl_backup_id: 'test-backup' atl_backup_home_dest: "{{ test_archive }}" + atl_backup_home_restore_canary_path: '/tmp/canary.tmp' + atl_backup_id: 'test-backup' + atl_backup_manifest_url: 'fake_manifest' + + atl_product_edition: 'jira-software' + atl_product_home_shared: '/media/atl/jira/shared' + atl_product_user: 'jira' + atl_product_user_uid: '2001' + atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" - test_archive_source: '/tmp/hello' - test_archive_file: 'hello.txt' - test_product_version_file: "/tmp/{{ atl_product_edition }}.version" test_archive: '/tmp/hello.tar.gz' + test_archive_file: 'hello.txt' + test_archive_source: '/tmp/hello' test_pre_step_prefix: '[PRE-TEST]' + test_product_version_file: "/tmp/{{ atl_product_edition }}.version" pre_tasks: - name: "{{ test_pre_step_prefix }} Install tar" From b12d26c282e77c2bc51bb4ac389a5fc2974909ac Mon Sep 17 00:00:00 2001 
From: Ben Partridge Date: Tue, 19 Nov 2019 16:01:23 +1100 Subject: [PATCH 5/8] DCD-802: Fix reference to home_restore task in include task in restore_backups main.yml --- roles/restore_backups/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index c5b26ed..1c81430 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -109,7 +109,7 @@ - name: Restore shared home - include_tasks: "{{ home_restore.yml }}" + include_tasks: "home_restore.yml" when: atl_restore_required From 096549edadb1006effb3989782249b3a87ae1f16 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 20 Nov 2019 13:55:59 +1100 Subject: [PATCH 6/8] Preserve file permissions when restoring the shared home backup --- roles/restore_backups/tasks/home_restore.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index c3cb081..bdeb866 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -18,7 +18,7 @@ src: "{{ atl_backup_home_dest }}" remote_src: yes dest: "{{ atl_product_home_shared }}" - mode: 0640 + mode: preserve - name: Set shared home owner and group to application user file: @@ -27,7 +27,6 @@ group: "{{ atl_product_user }}" owner: "{{ atl_product_user }}" state: directory - mode: 0640 - name: Set version file owner and group to root file: From cb6647ba8e70108d5bf4400c617a13497b5aac7a Mon Sep 17 00:00:00 2001 
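Review bot: With `mode` removed from the recursive `file` task and `mode: preserve` set on the unarchive, the permissions of every restored entry now come from the archive alone, so a world-writable file or directory in the backup ends up world-writable in the shared home. If that is not intended, keep the preserved bits but strip the ones that should never survive a restore, for example `mode: "o-w"` on the recursive task. `mode: preserve` is a value I only know from `copy` and `template`, so confirm that `unarchive` accepts it; PATCH 7/8 removes that line.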
From: Ben Partridge Date: Wed, 20 Nov 2019 15:53:16 +1100 Subject: [PATCH 7/8] DCD-802: Fix file mode preservation in restore and add test for file mode --- roles/restore_backups/molecule/restore/playbook.yml | 3 +++ roles/restore_backups/molecule/restore/tests/test_default.py | 5 +++++ roles/restore_backups/tasks/home_restore.yml | 1 - 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index a2b36ea..073d24b 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -46,16 +46,19 @@ file: path: "{{ test_archive_source }}" state: directory + mode: 0755 - name: "{{ test_pre_step_prefix }} Create a file in the shared home" lineinfile: create: yes line: 'Hello, world!' path: "{{ test_archive_source }}/{{ test_archive_file }}" + mode: 0640 - name: "{{ test_pre_step_prefix }} Create the version file in the shared home" lineinfile: create: yes line: '8.5' path: "{{ test_product_version_file }}" + mode: 0640 - name: "{{ test_pre_step_prefix }} Archive the shared home" archive: path: diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index 98af566..c9882bc 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -1,5 +1,6 @@ import os import pytest +from stat import * import testinfra.utils.ansible_runner 
@@ -29,6 +30,10 @@ def test_shared_home_owner(host, file): assert host.file(file).user == 'jira' assert host.file(file).group == 'jira' +def test_file_modes(host): + assert host.file('/media/atl/jira/shared/hello').mode == 0o755 + assert host.file('/media/atl/jira/shared/hello/hello.txt').mode == 0o640 + def test_version_file_owned_by_root(host): assert host.file('/media/atl/jira/shared/jira-software.version').exists assert host.file('/media/atl/jira/shared/jira-software.version').user == 'root' diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index bdeb866..4c5f2ad 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -18,7 +18,6 @@ src: "{{ atl_backup_home_dest }}" remote_src: yes dest: "{{ atl_product_home_shared }}" - mode: preserve - name: Set shared home owner and group to application user file: From 0cbd11c7020144ec863533c8e84117c0c8407e1c Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 20 Nov 2019 15:54:08 +1100 Subject: [PATCH 8/8] DCD-802: Fix unused import in restore test --- roles/restore_backups/molecule/restore/tests/test_default.py | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index c9882bc..bcfa53d 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -1,6 +1,5 @@ import os import pytest -from stat import * import testinfra.utils.ansible_runner
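Review bot: `test_file_modes` pins the modes of the two archived entries but not of the shared home itself, which home_restore.yml creates with `mode: 0750` before a recursive `file` task runs over the same path. Adding `assert host.file('/media/atl/jira/shared').mode == 0o750` would catch a later change that loosens the top-level directory. The version file, created with mode 0640 in the playbook, is checked for ownership in `test_version_file_owned_by_root` but not for mode.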