diff options
-rw-r--r-- | backup/Dockerfile | 2 | ||||
-rw-r--r-- | requirements.txt | 2 | ||||
-rw-r--r-- | trove/guestagent/datastore/mysql_common/manager.py | 90 | ||||
-rw-r--r-- | trove/rpc.py | 7 |
4 files changed, 66 insertions, 35 deletions
diff --git a/backup/Dockerfile b/backup/Dockerfile index 3827bfc7..0d542db2 100644 --- a/backup/Dockerfile +++ b/backup/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:18.04 +FROM ubuntu:20.04 LABEL maintainer="anlin.kong@gmail.com" ARG DATASTORE="mysql5.7" diff --git a/requirements.txt b/requirements.txt index b9dabd20..b261d38a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -38,7 +38,7 @@ oslo.utils>=3.40.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0 PyMySQL>=0.7.6 # MIT License stevedore>=1.20.0 # Apache-2.0 -oslo.messaging>=5.29.0 # Apache-2.0 +oslo.messaging>=14.1.0 # Apache-2.0 osprofiler>=1.4.0 # Apache-2.0 oslo.log>=3.36.0 # Apache-2.0 oslo.db>=4.27.0 # Apache-2.0 diff --git a/trove/guestagent/datastore/mysql_common/manager.py b/trove/guestagent/datastore/mysql_common/manager.py index cd6546a1..890981fc 100644 --- a/trove/guestagent/datastore/mysql_common/manager.py +++ b/trove/guestagent/datastore/mysql_common/manager.py @@ -205,43 +205,75 @@ class MySqlManager(manager.Manager): root_pass = utils.generate_random_password() self.app.save_password('root', root_pass) - with tempfile.NamedTemporaryFile(mode='w') as init_file, \ - tempfile.NamedTemporaryFile(suffix='.err') as err_file: - operating_system.write_file( - init_file.name, - f"ALTER USER 'root'@'localhost' IDENTIFIED BY '{root_pass}';" - ) - command = ( - f'mysqld_safe --init-file={init_file.name} ' - f'--log-error={err_file.name} ' - f'--datadir={data_dir}' - ) - extra_volumes = { - init_file.name: {"bind": init_file.name, "mode": "rw"}, - err_file.name: {"bind": err_file.name, "mode": "rw"}, - } - - # Allow database service user to access the temporary files. + init_file = tempfile.NamedTemporaryFile(mode='w') + operating_system.write_file( + init_file.name, + f"ALTER USER 'root'@'localhost' IDENTIFIED BY '{root_pass}';" + ) + err_file = tempfile.NamedTemporaryFile(suffix='.err') + + # Get the original file owner and group before changing the owner. + from pathlib import Path + init_file_path = Path(init_file.name) + init_file_owner = init_file_path.owner() + init_file_group = init_file_path.group() + + # Allow database service user to access the temporary files. + try: for file in [init_file.name, err_file.name]: - operating_system.chmod(file, - operating_system.FileMode.SET_ALL_RWX(), - force=True, as_root=True) + operating_system.chown(file, CONF.database_service_uid, + CONF.database_service_uid, force=True, + as_root=True) + except Exception as err: + LOG.error('Failed to change file owner, error: %s', str(err)) + for file in [init_file.name, err_file.name]: + LOG.debug('Reverting the %s owner to %s ' + 'before close it.', file, init_file_owner) + operating_system.chown(file, init_file_owner, + init_file_group, force=True, + as_root=True) + init_file.close() + err_file.close() + raise err + + # Allow database service user to access the temporary files. + command = ( + f'mysqld --init-file={init_file.name} ' + f'--log-error={err_file.name} ' + f'--datadir={data_dir} ' + ) + extra_volumes = { + init_file.name: {"bind": init_file.name, "mode": "rw"}, + err_file.name: {"bind": err_file.name, "mode": "rw"}, + } + # Start the database container process. + try: + self.app.start_db(ds_version=ds_version, command=command, + extra_volumes=extra_volumes) + except Exception as err: + LOG.error('Failed to reset password for restore, error: %s', + str(err)) + raise err # re-raised at the end of the finally clause + finally: try: - self.app.start_db(ds_version=ds_version, command=command, - extra_volumes=extra_volumes) - except Exception as err: - LOG.error('Failed to reset password for restore, error: %s', - str(err)) - LOG.debug('Content in init error log file: %s', - err_file.read()) - raise err - finally: LOG.debug( 'The init container log: %s', docker_util.get_container_logs(self.app.docker_client) ) docker_util.remove_container(self.app.docker_client) + except Exception as err: + LOG.error('Failed to remove container. error: %s', + str(err)) + pass + for file in [init_file.name, err_file.name]: + LOG.debug('Reverting the %s owner to %s ' + 'before close it.', file, init_file_owner) + operating_system.chown(file, init_file_owner, + init_file_group, force=True, + as_root=True) + init_file.close() + err_file.close() LOG.info('Finished to reset password for restore') diff --git a/trove/rpc.py b/trove/rpc.py index 81a9b2fb..36fa5b21 100644 --- a/trove/rpc.py +++ b/trove/rpc.py @@ -103,10 +103,9 @@ def get_client(target, key, version_cap=None, serializer=None, # assert key is not None serializer = secure_serializer( sz.TroveRequestContextSerializer(serializer), key) - return messaging.RPCClient(TRANSPORT, - target, - version_cap=version_cap, - serializer=serializer) + return messaging.get_rpc_client( + TRANSPORT, target, version_cap=version_cap, + serializer=serializer) def get_server(target, endpoints, key, serializer=None, |