resources: create ensure-share-paths init container

synarete · phlogistonjohn · commit b140141e9fc6 · 2022-05-19T14:51:09.000-04:00
Add init container to ensure share's top-level permissions are properly
set, via sambacc tool.

Signed-off-by: Shachar Sharon &lt;ssharon@redhat.com&gt;
diff --git a/internal/planner/args.go b/internal/planner/args.go
@@ -121,3 +121,8 @@ func (*SambaContainerArgs) CTDBNodeStatus() []string {
 		"ctdb-nodestatus",
 	}
 }
+
+// EnsureSharePaths container arguments generator.
+func (*SambaContainerArgs) EnsureSharePaths() []string {
+	return []string{"ensure-share-paths"}
+}
diff --git a/internal/resources/pods.go b/internal/resources/pods.go
@@ -113,6 +113,7 @@ func buildADPodSpec(
 	podSpec.Volumes = getVolumes(volumes)
 	podSpec.InitContainers = []corev1.Container{
 		buildInitCtr(planner, podEnv, smbAllVols),
+		buildEnsureShareCtr(planner, podEnv, smbAllVols),
 		buildMustJoinCtr(planner, joinEnv, joinVols),
 	}
 	podSpec.Containers = containers
@@ -125,6 +126,7 @@ func buildUserPodSpec(
 	pvcName string) corev1.PodSpec {
 	// ---
 	vols := []volMount{}
+	initContainers := []corev1.Container{}
 
 	shareVol := shareVolumeAndMount(planner, pvcName)
 	vols = append(vols, shareVol)
@@ -135,17 +137,21 @@ func buildUserPodSpec(
 	configVol := configVolumeAndMount(planner)
 	vols = append(vols, configVol)
 
+	podEnv := defaultPodEnv(planner)
+	initContainers = append(initContainers,
+		buildEnsureShareCtr(planner, podEnv, vols))
+
 	osRunVol := osRunVolumeAndMount(planner)
 	vols = append(vols, osRunVol)
 
 	if planner.UserSecuritySource().Configured {
 		v := userConfigVolumeAndMount(planner)
 		vols = append(vols, v)
 	}
-	podEnv := defaultPodEnv(planner)
 	podSpec := defaultPodSpec(planner)
 	podSpec.Volumes = getVolumes(vols)
 	podSpec.Containers = buildSmbdCtrs(planner, podEnv, vols)
+	podSpec.InitContainers = initContainers
 	return podSpec
 }
 
@@ -203,6 +209,14 @@ func buildClusteredUserPodSpec(
 			ctdbSharedVol, // needed to decide if real init or not
 		)))
 
+	initContainers = append(
+		initContainers,
+		buildEnsureShareCtr(planner, podEnv, append(
+			podCfgVols,
+			stateVol,
+			shareVol,
+		)))
+
 	initContainers = append(
 		initContainers,
 		buildCTDBMigrateCtr(planner, ctdbEnv, append(
@@ -321,6 +335,14 @@ func buildClusteredADPodSpec(
 			ctdbSharedVol, // needed to decide if real init or not
 		)))
 
+	initContainers = append(
+		initContainers,
+		buildEnsureShareCtr(planner, podEnv, append(
+			podCfgVols,
+			stateVol,
+			shareVol,
+		)))
+
 	joinVols := append(
 		append(podCfgVols, stateVol, ctdbSharedVol),
 		jsrc.volumes...)
@@ -576,6 +598,20 @@ func buildInitCtr(
 	}
 }
 
+func buildEnsureShareCtr(
+	planner *pln.Planner,
+	env []corev1.EnvVar,
+	vols []volMount) corev1.Container {
+	// ---
+	return corev1.Container{
+		Image:        planner.GlobalConfig.SmbdContainerImage,
+		Name:         "ensure-share-paths",
+		Args:         planner.Args().EnsureSharePaths(),
+		Env:          env,
+		VolumeMounts: getMounts(vols),
+	}
+}
+
 func buildMustJoinCtr(
 	planner *pln.Planner,
 	env []corev1.EnvVar,

Original file line number	Diff line number	Diff line change
`@@ -121,3 +121,8 @@ func (*SambaContainerArgs) CTDBNodeStatus() []string {`
`121`	`121`	`"ctdb-nodestatus",`
`122`	`122`	`}`
`123`	`123`	`}`
	`124`	`+`
	`125`	`+// EnsureSharePaths container arguments generator.`
	`126`	`+func (*SambaContainerArgs) EnsureSharePaths() []string {`
	`127`	`+ return []string{"ensure-share-paths"}`
	`128`	`+}`