Fix diagnostics dir permissions in secondary store to allow for GC

Dingane Hlaluku · Dingane Hlaluku · commit cb576f1bcbc9 · 2019-03-19T17:14:46.000+02:00
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtCopyToSecondaryStorageWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtCopyToSecondaryStorageWrapper.java
@@ -17,6 +17,12 @@
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
 import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFileAttributes;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.Set;
 
 import com.cloud.agent.api.Answer;
 import com.cloud.hypervisor.kvm.resource.LibvirtComputingResource;
@@ -25,11 +31,13 @@
 import com.cloud.resource.CommandWrapper;
 import com.cloud.resource.ResourceWrapper;
 import com.cloud.utils.ssh.SshHelper;
-
 import org.apache.cloudstack.diagnostics.CopyToSecondaryStorageAnswer;
 import org.apache.cloudstack.diagnostics.CopyToSecondaryStorageCommand;
+import org.apache.cloudstack.diagnostics.DiagnosticsHelper;
 import org.apache.log4j.Logger;
 
+import static org.apache.cloudstack.diagnostics.DiagnosticsHelper.setDirFilePermissions;
+
 @ResourceWrapper(handles = CopyToSecondaryStorageCommand.class)
 public class LibvirtCopyToSecondaryStorageWrapper extends CommandWrapper<CopyToSecondaryStorageCommand, Answer, LibvirtComputingResource> {
     public static final Logger LOGGER = Logger.getLogger(LibvirtCopyToSecondaryStorageWrapper.class);
@@ -50,11 +58,14 @@ public Answer execute(CopyToSecondaryStorageCommand command, LibvirtComputingRes
         String mountPoint = secondaryPool.getLocalPath();
 
         // /mnt/SecStorage/uuid/diagnostics_data
-        String dataDirectoryInSecondaryStore = String.format("%s/%s", mountPoint, "diagnostics_data");
+        String dataDirectoryInSecondaryStore = String.format("%s/%s", mountPoint, DiagnosticsHelper.DIAGNOSTICS_DATA_DIR);
         try {
             File dataDirectory = new File(dataDirectoryInSecondaryStore);
             boolean existsInSecondaryStore = dataDirectory.exists() || dataDirectory.mkdir();
 
+            // Modify directory file permissions
+            Path path = Paths.get(dataDirectory.getAbsolutePath());
+            setDirFilePermissions(path);
             if (existsInSecondaryStore) {
                 LOGGER.info(String.format("Copying %s from %s to secondary store %s", diagnosticsZipFile, vmSshIp, secondaryStorageUrl));
                 int port = Integer.valueOf(LibvirtComputingResource.DEFAULTDOMRSSHPORT);
@@ -76,4 +87,5 @@ public Answer execute(CopyToSecondaryStorageCommand command, LibvirtComputingRes
             secondaryPool.delete();
         }
     }
+
 }
diff --git a/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/CitrixResourceBase.java b/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/CitrixResourceBase.java
@@ -29,6 +29,8 @@
 import java.net.URL;
 import java.net.URLConnection;
 import java.nio.charset.Charset;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -51,6 +53,7 @@
 
 import org.apache.cloudstack.diagnostics.CopyToSecondaryStorageAnswer;
 import org.apache.cloudstack.diagnostics.CopyToSecondaryStorageCommand;
+import org.apache.cloudstack.diagnostics.DiagnosticsHelper;
 import org.apache.cloudstack.storage.to.TemplateObjectTO;
 import org.apache.cloudstack.storage.to.VolumeObjectTO;
 import org.apache.commons.collections.CollectionUtils;
@@ -161,6 +164,8 @@
 import com.xensource.xenapi.VM;
 import com.xensource.xenapi.XenAPIObject;
 
+import static org.apache.cloudstack.diagnostics.DiagnosticsHelper.setDirFilePermissions;
+
 /**
  * CitrixResourceBase encapsulates the calls to the XenServer Xapi process to
  * perform the required functionalities for CloudStack.
@@ -5636,11 +5641,14 @@ public Answer copyDiagnosticsFileToSecondaryStorage(Connection conn, CopyToSecon
                 return new CopyToSecondaryStorageAnswer(cmd, false, "Could not mount secondary storage " + secondaryStorageMountPath + " on host " + localDir);
             }
 
-            String diagnosticsFileDir = "diagnostics_data";
-
-            String dataDirectoryInSecondaryStore = localDir + "/" + diagnosticsFileDir;
+            String dataDirectoryInSecondaryStore = localDir + "/" + DiagnosticsHelper.DIAGNOSTICS_DATA_DIR;
             File dataDirectory = new File(dataDirectoryInSecondaryStore);
             boolean existsInSecondaryStore = dataDirectory.exists() || dataDirectory.mkdir();
+
+            // Modify directory file permissions
+            Path path = Paths.get(dataDirectory.getAbsolutePath());
+            setDirFilePermissions(path);
+
             if (existsInSecondaryStore) {
                 int port = 3922;
                 File permKey = new File("/root/.ssh/id_rsa.cloud");
diff --git a/server/src/main/java/org/apache/cloudstack/diagnostics/DiagnosticsHelper.java b/server/src/main/java/org/apache/cloudstack/diagnostics/DiagnosticsHelper.java
@@ -25,15 +25,33 @@
 import java.nio.file.attribute.BasicFileAttributeView;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.nio.file.attribute.FileTime;
+import java.nio.file.attribute.PosixFileAttributes;
+import java.nio.file.attribute.PosixFilePermission;
+import java.util.Set;
 
+import com.cloud.utils.script.Script2;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
-import com.cloud.utils.script.Script2;
-
 public class DiagnosticsHelper {
     private static final Logger LOGGER = Logger.getLogger(DiagnosticsHelper.class);
 
+    public static final String DIAGNOSTICS_DATA_DIR = "diagnostics_data";
+
+    public static void setDirFilePermissions(Path path) throws java.io.IOException {
+        Set<PosixFilePermission> perms = Files.readAttributes(path, PosixFileAttributes.class).permissions();
+        perms.add(PosixFilePermission.OWNER_WRITE);
+        perms.add(PosixFilePermission.OWNER_READ);
+        perms.add(PosixFilePermission.OWNER_EXECUTE);
+        perms.add(PosixFilePermission.GROUP_WRITE);
+        perms.add(PosixFilePermission.GROUP_READ);
+        perms.add(PosixFilePermission.GROUP_EXECUTE);
+        perms.add(PosixFilePermission.OTHERS_WRITE);
+        perms.add(PosixFilePermission.OTHERS_READ);
+        perms.add(PosixFilePermission.OTHERS_EXECUTE);
+        Files.setPosixFilePermissions(path, perms);
+    }
+
     public static void umountSecondaryStorage(String mountPoint) {
         if (StringUtils.isNotBlank(mountPoint)) {
             Script2 umountCmd = new Script2("/bin/bash", LOGGER);
diff --git a/server/src/main/java/org/apache/cloudstack/diagnostics/DiagnosticsServiceImpl.java b/server/src/main/java/org/apache/cloudstack/diagnostics/DiagnosticsServiceImpl.java
@@ -18,6 +18,8 @@
 package org.apache.cloudstack.diagnostics;
 
 import java.io.File;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -26,32 +28,12 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.cloudstack.api.command.admin.diagnostics.GetDiagnosticsDataCmd;
-import org.apache.cloudstack.api.command.admin.diagnostics.RunDiagnosticsCmd;
-import org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesList;
-import org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesListFactory;
-import org.apache.cloudstack.diagnostics.to.DiagnosticsDataObject;
-import org.apache.cloudstack.diagnostics.to.DiagnosticsDataTO;
-import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
-import org.apache.cloudstack.engine.subsystem.api.storage.DataObject;
-import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
-import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
-import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope;
-import org.apache.cloudstack.framework.config.ConfigKey;
-import org.apache.cloudstack.framework.config.Configurable;
-import org.apache.cloudstack.managed.context.ManagedContextRunnable;
-import org.apache.cloudstack.poll.BackgroundPollManager;
-import org.apache.cloudstack.poll.BackgroundPollTask;
-import org.apache.cloudstack.storage.NfsMountManager;
-import org.apache.cloudstack.storage.image.datastore.ImageStoreEntity;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
-
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.routing.NetworkElementCommand;
 import com.cloud.agent.api.to.DataTO;
+import com.cloud.dc.DataCenterVO;
+import com.cloud.dc.dao.DataCenterDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
@@ -69,8 +51,30 @@
 import com.cloud.vm.VirtualMachineManager;
 import com.cloud.vm.dao.VMInstanceDao;
 import com.google.common.base.Strings;
+import org.apache.cloudstack.api.command.admin.diagnostics.GetDiagnosticsDataCmd;
+import org.apache.cloudstack.api.command.admin.diagnostics.RunDiagnosticsCmd;
+import org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesList;
+import org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesListFactory;
+import org.apache.cloudstack.diagnostics.to.DiagnosticsDataObject;
+import org.apache.cloudstack.diagnostics.to.DiagnosticsDataTO;
+import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
+import org.apache.cloudstack.engine.subsystem.api.storage.DataObject;
+import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
+import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
+import org.apache.cloudstack.engine.subsystem.api.storage.ZoneScope;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
+import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.cloudstack.poll.BackgroundPollManager;
+import org.apache.cloudstack.poll.BackgroundPollTask;
+import org.apache.cloudstack.storage.NfsMountManager;
+import org.apache.cloudstack.storage.image.datastore.ImageStoreEntity;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
 
 import static org.apache.cloudstack.diagnostics.DiagnosticsHelper.getTimeDifference;
+import static org.apache.cloudstack.diagnostics.DiagnosticsHelper.setDirFilePermissions;
 import static org.apache.cloudstack.diagnostics.DiagnosticsHelper.umountSecondaryStorage;
 import static org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesList.CpvmDefaultSupportedFiles;
 import static org.apache.cloudstack.diagnostics.fileprocessor.DiagnosticsFilesList.SsvmDefaultSupportedFiles;
@@ -97,12 +101,14 @@ public class DiagnosticsServiceImpl extends ManagerBase implements PluggableServ
     private ImageStoreDetailsUtil imageStoreDetailsUtil;
     @Inject
     private NfsMountManager mountManager;
+    @Inject
+    private DataCenterDao dataCenterDao;
 
     // This 2 settings should require a restart of the management server?
     private static final ConfigKey<Boolean> EnableGarbageCollector = new ConfigKey<>("Advanced", Boolean.class,
-            "diagnostics.data.gc.enable", "true", "enable the diagnostics data files garbage collector", false);
+            "diagnostics.data.gc.enable", "true", "enable the diagnostics data files garbage collector", true);
     private static final ConfigKey<Integer> GarbageCollectionInterval = new ConfigKey<>("Advanced", Integer.class,
-            "diagnostics.data.gc.interval", "86400", "garbage collection interval in seconds", false);
+            "diagnostics.data.gc.interval", "86400", "garbage collection interval in seconds", true);
 
     // These are easily computed properties and need not need a restart of the management server
     private static final ConfigKey<Long> DataRetrievalTimeout = new ConfigKey<>("Advanced", Long.class,
@@ -329,6 +335,11 @@ private Pair<Boolean, String> orchestrateCopyToSecondaryStorageVMware(final Data
             try {
                 File dataDirectory = new File(dataDirectoryInSecondaryStore);
                 boolean existsInSecondaryStore = dataDirectory.exists() || dataDirectory.mkdir();
+
+                // Modify directory file permissions
+                Path path = Paths.get(dataDirectory.getAbsolutePath());
+                setDirFilePermissions(path);
+
                 if (existsInSecondaryStore) {
                     // scp from system VM to mounted sec storage directory
                     int port = 3922;
@@ -449,7 +460,8 @@ private static void deleteOldDiagnosticsFiles(File directory, String storeName)
                 for (File file : fileList) {
                     if (file.isFile()) {
                         if (MaximumFileAgeforGarbageCollection.value() <= getTimeDifference(file)) {
-                            file.delete();
+                            boolean success = file.delete();
+                            LOGGER.info(file.getName() + " delete status: " + success);
                         }
                     }
                 }
@@ -458,23 +470,26 @@ private static void deleteOldDiagnosticsFiles(File directory, String storeName)
 
         @Override
         protected void runInContext() {
-            // Get All Image Stores in current running Zone
-            List<DataStore> storeList = serviceImpl.storeMgr.listImageStores();
-
-            for (DataStore store : storeList) {
-                String mountPoint = null;
-                try {
-                    mountPoint = serviceImpl.mountManager.getMountPoint(store.getUri(), null);
-                    if (StringUtils.isNotBlank(mountPoint)) {
-                        File directory = new File(mountPoint + "/" + DIAGNOSTICS_DATA_DIRECTORY);
-                        if (directory.isDirectory()) {
-                            deleteOldDiagnosticsFiles(directory, store.getName());
+            List<DataCenterVO> dcList = serviceImpl.dataCenterDao.listEnabledZones();
+            for (DataCenterVO vo: dcList) {
+                // Get All Image Stores in current running Zone
+                List<DataStore> storeList = serviceImpl.storeMgr.getImageStoresByScope(new ZoneScope(vo.getId()));
+                for (DataStore store : storeList) {
+                    String mountPoint = null;
+                    try {
+                        mountPoint = serviceImpl.mountManager.getMountPoint(store.getUri(), null);
+                        if (StringUtils.isNotBlank(mountPoint)) {
+                            File directory = new File(mountPoint + "/" + DIAGNOSTICS_DATA_DIRECTORY);
+                            if (directory.isDirectory()) {
+                                deleteOldDiagnosticsFiles(directory, store.getName());
+                            }
                         }
+                    } finally {
+                        // umount secondary storage
+                        umountSecondaryStorage(mountPoint);
                     }
-                } finally {
-                    // umount secondary storage
-                    umountSecondaryStorage(mountPoint);
                 }
+
             }
         }
 
