From a0c31652e17e60870dd9d97eb3194c2ca2460d9c Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Thu, 24 Jan 2019 16:06:32 -0800 Subject: [PATCH 1/3] Remove NOREPLACE for /etc/elasticsearch in rpm and deb The /etc/elasticsearch directory is currently configured as a config file with noreplace. However, the directory itself is not config, and can lead to an entire /etc/elasticsearch.rpmsave directory in some situations. This commit fixes the ospackage config to not specify those file bits for the directory itself, but only the files underneath it. --- distribution/packages/build.gradle | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/distribution/packages/build.gradle b/distribution/packages/build.gradle index e0c9dafc5e9b4..1147a0f9e6526 100644 --- a/distribution/packages/build.gradle +++ b/distribution/packages/build.gradle @@ -83,6 +83,9 @@ void addProcessFilesTask(String type, boolean oss) { mkdir "${packagingFiles}/var/log/elasticsearch" mkdir "${packagingFiles}/var/lib/elasticsearch" mkdir "${packagingFiles}/usr/share/elasticsearch/plugins" + + // bare empty dir for /etc/elasticsearch + mkdir "${packagingFiles}/elasticsearch" } } } @@ -173,7 +176,16 @@ Closure commonPackageConfig(String type, boolean oss) { configurationFile '/etc/elasticsearch/users' configurationFile '/etc/elasticsearch/users_roles' } - into('/etc') { + from("${packagingFiles}") { + dirMode 02750 + into('/etc') + permissionGroup 'elasticsearch' + includeEmptyDirs true + createDirectoryEntry true + include("elasticsearch") // empty dir, just to add directory entry + } + from("${packagingFiles}/etc/elasticsearch") { + into('/etc/elasticsearch') dirMode 02750 fileMode 0660 permissionGroup 'elasticsearch' From 85786a45bdb1b954e820e055f69d705cebe8f78e Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Thu, 24 Jan 2019 20:22:45 -0800 Subject: [PATCH 2/3] Remove "reinstall" packaging tests The packaging tests currently have a test which installs elasticsearch, removes it, modifies ownership of /etc/elasticsearch, and reinstalls. It then checks that the /etc/elasticsearch directory has ownership that the package expects. But the recursive change touches files not owned by the package. In the past this worked because we did a recursive ownership change within the package postinst. However, that was recently removed, and thus this test no longer makes sense. --- .../packaging/tests/90_reinstall.bats | 78 ------------------- .../test/resources/packaging/utils/utils.bash | 11 --- 2 files changed, 89 deletions(-) delete mode 100644 qa/vagrant/src/test/resources/packaging/tests/90_reinstall.bats diff --git a/qa/vagrant/src/test/resources/packaging/tests/90_reinstall.bats b/qa/vagrant/src/test/resources/packaging/tests/90_reinstall.bats deleted file mode 100644 index 7c5f05c65e894..0000000000000 --- a/qa/vagrant/src/test/resources/packaging/tests/90_reinstall.bats +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env bats - -# Tests upgrading elasticsearch from a previous version with the deb or rpm -# packages. Just uses a single node cluster on the current machine rather than -# fancy rolling restarts. - -# WARNING: This testing file must be executed as root and can -# dramatically change your system. It should only be executed -# in a throw-away VM like those made by the Vagrantfile at -# the root of the Elasticsearch source code. This should -# cause the script to fail if it is executed any other way: -[ -f /etc/is_vagrant_vm ] || { - >&2 echo "must be run on a vagrant VM" - exit 1 -} - -# The test case can be executed with the Bash Automated -# Testing System tool available at https://github.com/sstephenson/bats -# Thanks to Sam Stephenson! - -# Licensed to Elasticsearch under one or more contributor -# license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright -# ownership. Elasticsearch licenses this file to you under -# the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# Load test utilities -load $BATS_UTILS/utils.bash -load $BATS_UTILS/packages.bash - -# Cleans everything for the 1st execution -setup() { - skip_not_dpkg_or_rpm - export PACKAGE_NAME="elasticsearch-oss" -} - -@test "[REINSTALL] install" { - clean_before_test - install_package -} - -@test "[REINSTALL] purge elasticsearch" { - purge_elasticsearch -} - -@test "[REINSTALL] chown directories" { - # to simulate the loss of ownership - if [ -d /var/lib/elasticsearch ]; then - sudo chown -R root:root /var/lib/elasticsearch - fi - if [ -d "/var/log/elasticsearch" ]; then - sudo chown -R root:root /var/log/elasticsearch - fi - if [ -d /etc/elasticsearch ]; then - sudo chown -R root:root /etc/elasticsearch - fi -} - -@test "[REINSTALL] reinstall elasticsearch" { - install_package -} - -@test "[REINSTALL] check ownership" { - assert_recursive_ownership /var/lib/elasticsearch elasticsearch elasticsearch - assert_recursive_ownership /var/log/elasticsearch elasticsearch elasticsearch - assert_recursive_ownership /etc/elasticsearch root elasticsearch -} diff --git a/qa/vagrant/src/test/resources/packaging/utils/utils.bash b/qa/vagrant/src/test/resources/packaging/utils/utils.bash index 18363a5ac6241..92363d4d4e348 100644 --- a/qa/vagrant/src/test/resources/packaging/utils/utils.bash +++ b/qa/vagrant/src/test/resources/packaging/utils/utils.bash @@ -233,17 +233,6 @@ assert_output() { echo "$output" | grep -E "$1" } -assert_recursive_ownership() { - local directory=$1 - local user=$2 - local group=$3 - - realuser=$(find $directory -printf "%u\n" | sort | uniq) - [ "$realuser" = "$user" ] - realgroup=$(find $directory -printf "%g\n" | sort | uniq) - [ "$realgroup" = "$group" ] -} - # Deletes everything before running a test file clean_before_test() { From 3058663660782ad65c45fbd4f85d4da071685aa8 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Thu, 24 Jan 2019 22:54:39 -0800 Subject: [PATCH 3/3] remove leftover config --- distribution/packages/build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/distribution/packages/build.gradle b/distribution/packages/build.gradle index 1147a0f9e6526..0b573ed9bad13 100644 --- a/distribution/packages/build.gradle +++ b/distribution/packages/build.gradle @@ -192,7 +192,6 @@ Closure commonPackageConfig(String type, boolean oss) { includeEmptyDirs true createDirectoryEntry true fileType CONFIG | NOREPLACE - from "${packagingFiles}/etc" } String envFile = expansionsForDistribution(type, false)['path.env'] configurationFile envFile