Avoid copying symlink content to fix sanity issue

During ansible bootstrap, encryption-provider.yaml was copied to '/opt/platform/config/<version>/kubernetes' directory from '/etc/kubernetes'. After supporting luks volume, this file is moved to the luks volume and symlink is created at '/etc/kubernetes' and '/opt/platform/config/<version>/kubernetes' pointing to encryption-provider.yaml file in the luks volume. After ansible bootstrap completes, controllerconfig service tries to copy the files from '/opt/platform/config/<version>/kubernetes' to '/etc/kubernetes'. So it tries to copy encryption-provider.yaml as well which is a symlink of a file in luks volume. This change adds an argument '-P' to to the 'cp' command which avoid copying the source content from the symlink pointing to the luks volume. This change is required as the luks volume may not be accessible while it is getting copied. The directory for which this '-P' option is applied contains only one symlink which is 'encryption-provider.yaml', so there is no negative impact. Test Plan: PASS: build-pkgs -c -p controllerconfig PASS: AIO-SX bootstrap should pass and host should come to unlocked/enabled/available state PASS: Verify if a symlink encryption-provider.yaml is copied at '/etc/kubernetes/' location after host-unlock. PASS: Verify if the below file is accessible /var/luks/stx/luks_fs/controller/etc/kubernetes/ encryption-provider.yaml from symlink in /etc/kubernetes/ PASS: Standard setup- Verify if a symlink encryption-provider.yaml is copied at '/etc/kubernetes/' on both controllers. PASS: Standard setup- Verify if a symlink encryption-provider.yaml is present at '/opt/platform/config/<version>/kubernetes/' on conroller-1 after 'system host-swact 1' PASS: Standard setup- lock/unlock controller-1. Check if puppet mainfest is executed succesfully on controller-1 after reboot. Controller should come to unlocked/enabled/available state. PASS: Standard setup- lock/unlock controller-0. Check if puppet mainfest is executed succesfully on controller-0 after reboot. Controller should come to unlocked/enabled/available state. Depends-on: https://review.opendev.org/c/starlingx/ansible-playbooks/+/904342 Story: 2010873 Task: 49323 Change-Id: I8e064fc0e7a6fc8a0b571673fe8f6e66e4e43aee Signed-off-by: Jagatguru Prasad Mishra <jagatguruprasad.mishra@windriver.com>
2023-12-26 04:42:28 -05:00 · 2023-12-26 04:42:28 -05:00 · 4f4cc4c847
parent 4134359426
commit 4f4cc4c847
2 changed files with 5 additions and 2 deletions
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@ -479,13 +479,15 @@ start()
    fi

    # Copy over kube-apiserver encryption provider config, admission control config and
-    # extra files referenced in admission control config
+    # extra files referenced in admission control config.
+    # Encryption provider config is a symbolic link hence using -P option to avoid
+    # copying the source content
    if [ -e $CONFIG_DIR/kubernetes/ ]
    then
        FILES=`ls $CONFIG_DIR/kubernetes/*.yaml`
        for FILE in $FILES
        do
-            cp $FILE /etc/kubernetes/
+            cp -P $FILE /etc/kubernetes/
            if [ $? -ne 0 ]
            then
                fatal_error "Unable to copy kube-apiserver config file: $FILE"
--- a/controllerconfig/controllerconfig/scripts/controllerconfig.service
+++ b/controllerconfig/controllerconfig/scripts/controllerconfig.service
@ -2,6 +2,7 @@
 Description=controllerconfig service
 After=syslog.target network.target remote-fs.target sw-patch.service sysinv-agent.service
 After=network-online.target
+After=luks-fs-mgr.service
 Before=config.service

 [Service]