Skip to content

Commit 2ec23f6

Browse files
fix(ic-recovery): let setup-permissions setup permisisons (#9281)
Manually setting up permissions during the upload step takes time, even though we actually call `setup-permissions` afterwards anyways. Going through a few git blames, I understand that this service was introduced only afterwards, meaning we still also set the permissions manually in case the replicas did not have the service yet. This also explains the `|| true` when calling it. Now that `setup-permissions` is not that recent anymore, we can remove those two work-arounds.
1 parent 8152a49 commit 2ec23f6

2 files changed

Lines changed: 4 additions & 38 deletions

File tree

ic-os/components/misc/guestos-recovery/guestos-recovery-engine/guestos-recovery-engine.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -122,7 +122,7 @@ perform_recovery() {
122122
echo "Recovery artifacts applied successfully"
123123

124124
echo "Restarting services..."
125-
sudo systemctl restart setup-permissions || true
125+
sudo systemctl restart setup-permissions
126126

127127
echo "GuestOS recovery engine completed successfully"
128128
}

rs/recovery/src/steps.rs

Lines changed: 3 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -21,13 +21,7 @@ use ic_metrics::MetricsRegistry;
2121
use ic_replay::cmd::{GetRecoveryCupCmd, SubCommand};
2222
use ic_types::{Height, SubnetId, consensus::certification::CertificationMessage};
2323
use slog::{Logger, debug, info, warn};
24-
use std::{
25-
collections::HashMap,
26-
net::IpAddr,
27-
path::{Path, PathBuf},
28-
process::Command,
29-
thread, time,
30-
};
24+
use std::{collections::HashMap, net::IpAddr, path::PathBuf, process::Command, thread, time};
3125

3226
/// Subnet recovery is composed of several steps. Each recovery step comprises a
3327
/// certain input state of which both its execution, and its description is
@@ -574,32 +568,10 @@ pub struct UploadStateAndRestartStep {
574568

575569
impl UploadStateAndRestartStep {
576570
const CMD_STOP_REPLICA: &str = "sudo systemctl stop ic-replica;";
577-
// Note that on older versions of IC-OS this service does not exist.
578-
// So try this operation, but ignore possible failure if service
579-
// does not exist on the affected version.
580571
const CMD_RESTART_REPLICA: &str = "\
581-
(sudo systemctl restart setup-permissions || true);\
572+
sudo systemctl restart setup-permissions;\
582573
sudo systemctl start ic-replica;\
583574
sudo systemctl status ic-replica;";
584-
585-
/// Sets the right state permissions on `target`, by copying the
586-
/// permissions of the src path, removing executable permission and
587-
/// giving read permissions for the target path to group and others.
588-
fn cmd_set_permissions<S: AsRef<Path>, T: AsRef<Path>>(src: S, target: T) -> String {
589-
let src = src.as_ref().display();
590-
let target = target.as_ref().display();
591-
592-
let mut set_permissions = String::new();
593-
set_permissions.push_str(&format!("sudo chmod -R --reference={src} {target};"));
594-
set_permissions.push_str(&format!("sudo chown -R --reference={src} {target};"));
595-
set_permissions.push_str(&format!(
596-
r"sudo find {target} -type f -exec chmod a-x {{}} \;;"
597-
));
598-
set_permissions.push_str(&format!(
599-
r"sudo find {target} -type f -exec chmod go+r {{}} \;;"
600-
));
601-
set_permissions
602-
}
603575
}
604576
impl Step for UploadStateAndRestartStep {
605577
fn descr(&self) -> String {
@@ -689,7 +661,6 @@ impl Step for UploadStateAndRestartStep {
689661
&ssh_helper.remote_path(upload_dir.join("")),
690662
)?;
691663

692-
let cmd_set_permissions = Self::cmd_set_permissions(&ic_state_path, &upload_dir);
693664
let cmd_replace_state = format!(
694665
"sudo rm -r {ic_state_path}; sudo mv {upload_dir} {ic_state_path};",
695666
ic_state_path = ic_state_path.display(),
@@ -698,7 +669,6 @@ impl Step for UploadStateAndRestartStep {
698669

699670
info!(self.logger, "Restarting replica...");
700671
ssh_helper.ssh(Self::CMD_STOP_REPLICA.to_string())?;
701-
ssh_helper.ssh(cmd_set_permissions)?;
702672
ssh_helper.ssh(cmd_replace_state)?;
703673
ssh_helper.ssh(Self::CMD_RESTART_REPLICA.to_string())?;
704674
} else {
@@ -709,10 +679,6 @@ impl Step for UploadStateAndRestartStep {
709679
log,
710680
)?;
711681

712-
info!(self.logger, "Setting file permissions...");
713-
let cmd_set_permissions = Self::cmd_set_permissions(&ic_state_path, &self.data_src);
714-
confirm_exec_cmd(Command::new("bash").arg("-c").arg(cmd_set_permissions), log)?;
715-
716682
// For local recoveries we first backup the original state, and
717683
// then simply `mv` the new state to the upload directory. No
718684
// rsync is needed, and thus no checkpoint copying.
@@ -930,7 +896,7 @@ sudo chown -R "$OWNER_UID:$GROUP_UID" cup.proto;
930896
sudo systemctl stop ic-replica;
931897
sudo rsync -a --delete ic_registry_local_store/ /var/lib/ic/data/ic_registry_local_store/;
932898
sudo cp cup.proto /var/lib/ic/data/cups/cup.types.v1.CatchUpPackage.pb;
933-
sudo systemctl restart setup-permissions || true ;
899+
sudo systemctl restart setup-permissions;
934900
sudo systemctl start ic-replica;
935901
sudo systemctl status ic-replica;
936902
"#,

0 commit comments

Comments
 (0)