Skip to content

[DPE-7584] Fix temp tablespace permissions#1137

Closed
marceloneppel wants to merge 2 commits into16/edgefrom
fix-temp-tablespace-permissions
Closed

[DPE-7584] Fix temp tablespace permissions#1137
marceloneppel wants to merge 2 commits into16/edgefrom
fix-temp-tablespace-permissions

Conversation

@marceloneppel
Copy link
Member

@marceloneppel marceloneppel commented Sep 4, 2025
edited
Loading

Issue

When using tmpfs for the temp storage, if we reboot the host machine, and later, after the charm starts again, it's not possible to create temporary objects, like temporary tables.

The reason is that after the reboot, the storage is mounted with wrong ownership and permissions (owned by root instead of _daemon_ and with permissions set to 755 instead of 700).

Solution

Fix the permissions when the charm starts again.

I'll create a follow-up PR in the single kernel library repo to port those changes.

Checklist

  • I have added or updated any relevant documentation.
  • I have cleaned any remaining cloud resources from my accounts.

@marceloneppel
Fix temp tablespace permissions
9441978 
Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
@codecov
Copy link

codecov bot commented Sep 4, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.57%. Comparing base (6f84cce) to head (231869c).
⚠️ Report is 66 commits behind head on 16/edge.

Additional details and impacted files 
@@           Coverage Diff            @@
##           16/edge    #1137   +/-   ##
========================================
  Coverage    64.57%   64.57%           
========================================
  Files           17       17           
  Lines         4325     4325           
  Branches       667      667           
========================================
  Hits          2793     2793           
  Misses        1351     1351           
  Partials       181      181

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@marceloneppel
Add comment for fix
231869c 
Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
@marceloneppel marceloneppel marked this pull request as ready for review September 4, 2025 13:57
taurus-forever
taurus-forever reviewed Sep 4, 2025
View reviewed changes
lib/charms/postgresql_k8s/v1/postgresql.py
if temp_location is not None:
# Fix permissions on the temporary tablespace location when a reboot happens and tmpfs is being used.
user = pwd.getpwnam("_daemon_")
os.chown(temp_location, uid=user.pw_uid, gid=user.pw_gid)
Copy link
Contributor

@taurus-forever taurus-forever Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should _change_owner() be moved to lib and used to avoid duplicates?

Copy link
Member Author

@marceloneppel marceloneppel Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it's a good idea. I'd change it a bit and create a different Python file (and also move it to the single kernel library repo) to contain utilities related to the filesystem, and keep this library containing only things related to the database connection and interaction.

Copy link
Member Author

@marceloneppel marceloneppel Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved the _change_owner() function to the single kernel lib on canonical/postgresql-single-kernel-library#10.

lib/charms/postgresql_k8s/v1/postgresql.py
# Fix permissions on the temporary tablespace location when a reboot happens and tmpfs is being used.
user = pwd.getpwnam("_daemon_")
os.chown(temp_location, uid=user.pw_uid, gid=user.pw_gid)
os.chmod(temp_location, 0o700)
Copy link
Contributor

@taurus-forever taurus-forever Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, it is 750 there

Are we consistent?

Copy link
Member Author

@marceloneppel marceloneppel Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I'm checking and testing a consistent approach in all the places where the permissions are specific.

Copy link
Member Author

@marceloneppel marceloneppel Sep 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need to change it to 700 everywhere, to be consistent. As we're always accessing the directories as the owner, there is no need to have permissions for the group to access them.

@marceloneppel
Copy link
Member Author

marceloneppel commented Sep 9, 2025

Superseeded by canonical/postgresql-single-kernel-library#10.

@marceloneppel marceloneppel deleted the fix-temp-tablespace-permissions branch September 9, 2025 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taurus-forever taurus-forever taurus-forever left review comments

@dragomirp dragomirp Awaiting requested review from dragomirp

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marceloneppel @taurus-forever