Move default health checks to read-only location fedora-iot#51

Signed-off-by: Jose Noguera <jnoguera@redhat.com>
yih-redhat · Nov 1, 2021 · 7fff7fe · 7fff7fe
1 parent 5211936
commit 7fff7fe
Show file tree

Hide file tree

Showing 13 changed files with 47 additions and 23 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,9 @@ WORKDIR /bats-core
 RUN ./install.sh /usr/local
 
 COPY ./usr/libexec/greenboot /usr/libexec/greenboot
-COPY ./etc/greenboot/check /etc/greenboot/check
+COPY ./usr/lib/greenboot/check /usr/lib/greenboot/check
+RUN mkdir -p /etc/greenboot/{green.d,red.d,check}
+RUN mkdir /etc/greenboot/check/{required.d,wanted.d}
 
 WORKDIR /testing
 COPY ./tests .

diff --git a/README.md b/README.md
@@ -75,6 +75,8 @@ Directory structure:
 ```
 
 #### Health checks included with Greenboot
+These health checks are available in `/usr/lib/greenboot/check`, a read-only directory in rpm-ostree systems. If you find a bug in any of them or you have an improvement, please create a PR with such fix/feature and we'll review it and potentially include it.
+
 The `greenboot-update-platforms-check` subpackage ships with the following checks:
 - **Check if repositories URLs are still DNS solvable**: This script is under `/etc/greenboot/check/required.d/01_repository_dns_check.sh` and makes sure that DNS queries to repository URLs are still available.
 - **Check if update platforms are still reachable**: This script is under `/etc/greenboot/check/wanted.d/01_update_platform_check.sh` and tries to connect and get a 2XX or 3XX HTTP code from the update platforms defined in `/etc/ostree/remotes.d`.

diff --git a/greenboot.spec b/greenboot.spec
@@ -84,6 +84,10 @@ mkdir -p %{buildroot}%{_sysconfdir}/%{name}/check/required.d
 mkdir    %{buildroot}%{_sysconfdir}/%{name}/check/wanted.d
 mkdir    %{buildroot}%{_sysconfdir}/%{name}/green.d
 mkdir    %{buildroot}%{_sysconfdir}/%{name}/red.d
+mkdir -p %{buildroot}%{_prefix}/lib/%{name}/check/required.d
+mkdir    %{buildroot}%{_prefix}/lib/%{name}/check/wanted.d
+mkdir    %{buildroot}%{_prefix}/lib/%{name}/green.d
+mkdir    %{buildroot}%{_prefix}/lib/%{name}/red.d
 mkdir -p %{buildroot}%{_unitdir}
 mkdir -p %{buildroot}%{_unitdir}/greenboot-healthcheck.service.d
 mkdir -p %{buildroot}%{_tmpfilesdir}
@@ -93,8 +97,8 @@ install -DpZm 0644 usr/lib/systemd/system/greenboot-healthcheck.service.d/10-net
 install -DpZm 0644 usr/lib/systemd/system/*.target %{buildroot}%{_unitdir}
 install -DpZm 0644 usr/lib/systemd/system/*.service %{buildroot}%{_unitdir}
 install -DpZm 0644 usr/lib/tmpfiles.d/greenboot-status-motd.conf %{buildroot}%{_tmpfilesdir}/greenboot-status-motd.conf
-install -DpZm 0755 etc/greenboot/check/required.d/* %{buildroot}%{_sysconfdir}/%{name}/check/required.d
-install -DpZm 0755 etc/greenboot/check/wanted.d/* %{buildroot}%{_sysconfdir}/%{name}/check/wanted.d
+install -DpZm 0755 usr/lib/greenboot/check/required.d/* %{buildroot}%{_prefix}/lib/%{name}/check/required.d
+install -DpZm 0755 usr/lib/greenboot/check/wanted.d/* %{buildroot}%{_prefix}/lib/%{name}/check/wanted.d
 
 %post
 %systemd_post greenboot-healthcheck.service
@@ -170,14 +174,14 @@ install -DpZm 0755 etc/greenboot/check/wanted.d/* %{buildroot}%{_sysconfdir}/%{n
 %{_unitdir}/greenboot-task-runner.service
 %{_unitdir}/redboot-task-runner.service
 %{_unitdir}/redboot.target
-%dir %{_sysconfdir}/%{name}
-%dir %{_sysconfdir}/%{name}/check
-%dir %{_sysconfdir}/%{name}/check/required.d
-%{_sysconfdir}/%{name}/check/required.d/00_required_scripts_start.sh
-%dir %{_sysconfdir}/%{name}/check/wanted.d
-%{_sysconfdir}/%{name}/check/wanted.d/00_wanted_scripts_start.sh
-%dir %{_sysconfdir}/%{name}/green.d
-%dir %{_sysconfdir}/%{name}/red.d
+%dir %{_prefix}/lib/%{name}
+%dir %{_prefix}/lib/%{name}/check
+%dir %{_prefix}/lib/%{name}/check/required.d
+%{_prefix}/lib/%{name}/check/required.d/00_required_scripts_start.sh
+%dir %{_prefix}/lib/%{name}/check/wanted.d
+%{_prefix}/lib/%{name}/check/wanted.d/00_wanted_scripts_start.sh
+%dir %{_prefix}/lib/%{name}/green.d
+%dir %{_prefix}/lib/%{name}/red.d
 
 %files status
 %{_exec_prefix}/lib/motd.d/boot-status
@@ -199,8 +203,8 @@ install -DpZm 0755 etc/greenboot/check/wanted.d/* %{buildroot}%{_sysconfdir}/%{n
 %{_unitdir}/redboot-auto-reboot.service
 
 %files update-platforms-check
-%{_sysconfdir}/%{name}/check/required.d/01_repository_dns_check.sh
-%{_sysconfdir}/%{name}/check/wanted.d/01_update_platforms_check.sh
+%{_prefix}/lib/%{name}/check/required.d/01_repository_dns_check.sh
+%{_prefix}/lib/%{name}/check/wanted.d/01_update_platforms_check.sh
 %{_unitdir}/greenboot-healthcheck.service.d/10-network-online.conf
 
 %changelog

diff --git a/tests/common.bash b/tests/common.bash
@@ -1,11 +1,13 @@
 GREENBOOT_USR_ROOT_PATH="/usr/libexec/greenboot"
 GREENBOOT_ETC_ROOT_PATH="/etc/greenboot"
+GREENBOOT_USR_LIB_ROOT_PATH="/usr/lib/greenboot"
 
 GREENBOOT_BIN_PATH="$GREENBOOT_USR_ROOT_PATH/greenboot"
 GRUB2_SET_COUNTER_BIN_PATH="$GREENBOOT_USR_ROOT_PATH/greenboot-grub2-set-counter"
 RPM_OSTREE_CHECK_FALLBACK_PATH="$GREENBOOT_USR_ROOT_PATH/greenboot-rpm-ostree-grub2-check-fallback"
 GRUB2_EDITENV=/usr/bin/grub2-editenv
 
-GREENBOOT_CHECK_PATH="$GREENBOOT_ETC_ROOT_PATH/check"
+GREENBOOT_DEFAULT_CHECK_PATH="$GREENBOOT_USR_LIB_ROOT_PATH/check"
+GREENBOOT_ETC_CHECK_PATH="$GREENBOOT_ETC_ROOT_PATH/check"
 GREENBOOT_GREEN_PATH="$GREENBOOT_ETC_ROOT_PATH/green.d"
 GREENBOOT_RED_PATH="$GREENBOOT_ETC_ROOT_PATH/red.d"
diff --git a/tests/greenboot_check.bats b/tests/greenboot_check.bats
@@ -1,13 +1,23 @@
 load common.bash
 
+function setup() {
+  # This checks that the /etc/greenboot/check path works as well 
+  # as the /usr/lib/greenboot/check one
+  mv $GREENBOOT_DEFAULT_CHECK_PATH/wanted.d/* $GREENBOOT_ETC_CHECK_PATH/wanted.d/
+}
+
 @test "Test greenboot with illegal command" {
   run $GREENBOOT_BIN_PATH bananas
   [ "$status" -eq 127 ]
   [ "$output" = "Illegal Command" ]
 }
 
 @test "Test greenboot check with the default hc scripts" {
-    run $GREENBOOT_BIN_PATH check
-    [ "$status" -eq 0 ]
-    [[ "$output" == *"Running Required Health Check Scripts..."* ]]
+  run $GREENBOOT_BIN_PATH check
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"Running Required Health Check Scripts..."* ]]
+}
+
+function teardown() {
+  mv $GREENBOOT_ETC_CHECK_PATH/wanted.d/* $GREENBOOT_DEFAULT_CHECK_PATH/wanted.d/
 }
diff --git a/tests/greenboot_check_fail_required.bats b/tests/greenboot_check_fail_required.bats
@@ -1,7 +1,7 @@
 load common.bash
 
 function setup() {
-    cp testing_files/10_failing_check.sh $GREENBOOT_CHECK_PATH/required.d/
+    cp testing_files/10_failing_check.sh $GREENBOOT_DEFAULT_CHECK_PATH/required.d/
 }
 
 @test "Test greenboot check with required scripts failing" {
@@ -10,5 +10,5 @@ function setup() {
 }
 
 function teardown() {
-    rm $GREENBOOT_CHECK_PATH/required.d/10_failing_check.sh
+    rm $GREENBOOT_DEFAULT_CHECK_PATH/required.d/10_failing_check.sh
 }
diff --git a/tests/greenboot_check_fail_wanted.bats b/tests/greenboot_check_fail_wanted.bats
@@ -1,7 +1,7 @@
 load common.bash
 
 function setup() {
-    cp testing_files/10_failing_check.sh $GREENBOOT_CHECK_PATH/wanted.d/
+    cp testing_files/10_failing_check.sh $GREENBOOT_DEFAULT_CHECK_PATH/wanted.d/
 }
 
 @test "Test greenboot check with wanted scripts failing" {
@@ -10,5 +10,5 @@ function setup() {
 }
 
 function teardown() {
-    rm $GREENBOOT_CHECK_PATH/wanted.d/10_failing_check.sh
+    rm $GREENBOOT_DEFAULT_CHECK_PATH/wanted.d/10_failing_check.sh
 }
diff --git a/...k/required.d/00_required_scripts_start.sh → ...k/required.d/00_required_scripts_start.sh b/...k/required.d/00_required_scripts_start.sh → ...k/required.d/00_required_scripts_start.sh
diff --git a/...eck/required.d/01_repository_dns_check.sh → ...eck/required.d/01_repository_dns_check.sh b/...eck/required.d/01_repository_dns_check.sh → ...eck/required.d/01_repository_dns_check.sh
diff --git a/...check/wanted.d/00_wanted_scripts_start.sh → ...check/wanted.d/00_wanted_scripts_start.sh b/...check/wanted.d/00_wanted_scripts_start.sh → ...check/wanted.d/00_wanted_scripts_start.sh
diff --git a/...eck/wanted.d/01_update_platforms_check.sh → ...eck/wanted.d/01_update_platforms_check.sh b/...eck/wanted.d/01_update_platforms_check.sh → ...eck/wanted.d/01_update_platforms_check.sh
diff --git a/usr/libexec/greenboot/greenboot b/usr/libexec/greenboot/greenboot
@@ -3,6 +3,8 @@ set -euo pipefail
 IFS=$'\n\t'
 LC_ALL=C
 
+SCRIPTS_PATHS=("/usr/lib/greenboot/check" "/etc/greenboot/check")
+
 script_runner () {
   local scripts_dir=$1; shift
   local mode=$1; shift
@@ -30,8 +32,10 @@ script_runner () {
 
 case "$1" in
   "check")
-    script_runner "/etc/greenboot/check/required.d" "strict" "Running Required Health Check Scripts..." || exit 1
-    script_runner "/etc/greenboot/check/wanted.d" "relaxed" "Running Wanted Health Check Scripts..."
+    for health_check_path in "${SCRIPTS_PATHS[@]}"; do
+      script_runner "$health_check_path/required.d" "strict" "Running Required Health Check Scripts..." || exit 1
+      script_runner "$health_check_path/wanted.d" "relaxed" "Running Wanted Health Check Scripts..."
+    done
     ;;
   "green")
     echo "<5>Boot Status is GREEN - Health Check SUCCESS"

diff --git a/usr/libexec/greenboot/greenboot-rpm-ostree-grub2-check-fallback b/usr/libexec/greenboot/greenboot-rpm-ostree-grub2-check-fallback