Initial support for hotfix integration as outlined in milestone 6.

Adds a new `/hotfixes` folder in containers and `${PERSISTENT_ROOT}/hotfixes`
with `scripts` and `patches` in it on the host.
Adds a simple script to help apply hotfixes from a folder and installs it in
`/app/apply-hotfixes.sh` in all containers.
All containers mount `${PERSISTENT_ROOT}/hotfixes` on `/hotfixes` and
`docker-entry.sh` is extended to first run `/app/apply-hotfixes.sh`.
It traverses `/hotfixes` and sequentially applies any patches found in
`/hotfix/patches` and runs any scripts found in `/hotfix/scripts` before
proceeding with the usual container execution to effectively hotfix everything
inside the container before running.

Author: jonasbardino

Dockerfile.rocky9

@@ -596,12 +596,14 @@ RUN useradd -l -u $UID -g $GID -ms /bin/bash $USER
 ENV MIG_ROOT=/home/$USER
 ENV WEB_DIR=/etc/httpd
 ENV CERT_DIR=$WEB_DIR/MiG-certificates
+ENV HOTFIXES_DIR=/hotfixes
 
 USER root
 
-RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} \
+RUN mkdir -p ${CERT_DIR}/MiG/${WILDCARD_DOMAIN} ${HOTFIXES_DIR} \
     && chown $USER:$GROUP ${CERT_DIR} \
-    && chmod 775 ${CERT_DIR}
+    && chmod 775 ${CERT_DIR} \
+    && chmod 700 ${HOTFIXES_DIR}
 
 #------------------------- next stage -----------------------------#
 # Certs and keys
@@ -1635,6 +1637,7 @@ ENTRYPOINT ["/tini", "--"]
 
 # NOTE: it's recommended to use COPY over ADD except when URL/unpack is needed
 COPY docker-entry.sh /app/docker-entry.sh
+COPY apply-hotfixes.sh /app/apply-hotfixes.sh
 COPY migrid-httpd.env /app/migrid-httpd.env
 COPY migrid-httpd-init.sh /app/migrid-httpd-init.sh
 COPY apache-init-helper /etc/init.d/apache-minimal

Makefile

@@ -133,6 +133,7 @@ initdirs: initcomposevars
 	mkdir -p ${PERSISTENT_ROOT}/wwwpublic-vgrid
 	mkdir -p ${PERSISTENT_ROOT}/wwwpublic-download
 	mkdir -p ${PERSISTENT_ROOT}/secrets
+	mkdir -p ${PERSISTENT_ROOT}/hotfixes/{scripts,patches}
 	mkdir -p ${PERSISTENT_ROOT}/mig-server-extconfs
 	mkdir -p ${LOG_ROOT}/miglog
 	mkdir -p ${LOG_ROOT}/syslog/migrid

apply-hotfixes.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Apply all hot-fixes in specified folder
+
+APPLIED_DIR="/tmp/hotfixes-applied"
+HOTFIXES_DIR="/hotfixes"
+if [ $# -gt 0 ]; then
+    HOTFIXES_DIR="$1"
+fi
+PATCH_SOURCE="${HOTFIXES_DIR}/patches"
+SCRIPT_SOURCE="${HOTFIXES_DIR}/scripts"
+PATCHES_APPLIED="${APPLIED_DIR}/patches"
+SCRIPTS_APPLIED="${APPLIED_DIR}/scripts"
+
+if [ -d "${HOTFIXES_DIR}" ]; then
+    echo "DEBUG: Applying hot-fixes available in ${HOTFIXES_DIR}"
+    mkdir -p ${PATCHES_APPLIED} ${SCRIPTS_APPLIED}
+    if [ -d "${PATCH_SOURCE}" ]; then
+        echo "DEBUG: Applying any patches available in ${PATCH_SOURCE}"
+        for PATCH_PATH in "${PATCH_SOURCE}"/* ; do
+            PATCH_NAME=$(basename "${PATCH_PATH}")
+            if [ ! -f "${PATCH_PATH}" ]; then
+                # skip anything but files
+                continue
+            fi
+            if [ -f "${PATCHES_APPLIED}/${PATCH_NAME}" ]; then
+                echo "DEBUG: skip already applied patch: ${PATCH_NAME}"
+            else
+                echo "Applying patch ${PATCH_PATH}"
+                patch -p0 < "${PATCH_PATH}" && \
+                    cp "${PATCH_PATH}" "${PATCHES_APPLIED}/"
+            fi
+        done
+    fi
+    if [ -d "${SCRIPT_SOURCE}" ]; then
+        echo "Applying any scripts available in ${SCRIPT_SOURCE}"
+        for SCRIPT_PATH in "${SCRIPT_SOURCE}"/* ; do
+            SCRIPT_NAME=$(basename "${SCRIPT_PATH}")
+            if [ ! -f "${SCRIPT_PATH}" ]; then
+                # skip anything but files
+                continue
+            fi
+            if [ -f "${SCRIPTS_APPLIED}/${SCRIPT_NAME}" ]; then
+                echo "DEBUG: skip already applied script: ${SCRIPT_NAME}"
+            else
+                echo "Running script ${SCRIPT_PATH}"
+                ${SCRIPT_PATH} && \
+                    cp "${SCRIPT_PATH}" "${SCRIPTS_APPLIED}/"
+            fi
+        done
+    fi
+    echo "DEBUG: Applied hot-fixes available in ${HOTFIXES_DIR}"
+else
+    echo "WARNING: no such hot-fixes folder ${HOTFIXES_DIR}"
+    exit 1
+fi
+exit 0
+

docker-compose_development.yml

@@ -51,6 +51,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -114,6 +117,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -182,6 +188,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -236,6 +245,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -298,6 +310,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -355,6 +370,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -446,6 +464,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   mig-server-extconfs:
     # Volume used to contain the optional additional mig server config snippets
     driver: local

docker-compose_development_gdp.yml

@@ -51,6 +51,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -114,6 +117,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -186,6 +192,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -240,6 +249,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -302,6 +314,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -359,6 +374,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -450,6 +468,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   mig-server-extconfs:
     # Volume used to contain the optional additional mig server config snippets
     driver: local

docker-compose_production.yml

@@ -41,6 +41,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -95,6 +98,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -243,6 +249,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -386,6 +395,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -528,6 +540,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -670,6 +685,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -812,6 +830,9 @@ services:
       - type: volume
         source: mig
         target: /home/mig/mig
+      - type: volume
+        source: hotfixes
+        target: /hotfixes
       - type: volume
         source: mig-server-extconfs
         target: /home/mig/mig/server/MiGserver.d
@@ -891,6 +912,14 @@ volumes:
       device: ${DOCKER_MIGRID_ROOT}/mig
       o: bind
 
+  hotfixes:
+    # Volume used to contain the optional additional container hotfixes
+    driver: local
+    driver_opts:
+      type: none
+      device: ${PERSISTENT_ROOT}/hotfixes
+      o: bind
+
   mig-server-extconfs:
     # Volume used to contain the optional additional mig server config snippets
     driver: local

docker-entry.sh

@@ -7,6 +7,7 @@
 CHECKCONF=0
 KEEPALIVE=0
 VERSIONINFO=0
+APPLYHOTFIXES="/app/apply-hotfixes.sh"
 
 # Make sure requested timezone is actually used everywhere for consistent 
 # log time stamps.
@@ -46,6 +47,13 @@ if [ ! -d "${MIG_ROOT}" ]; then
     exit 1
 fi
 
+if [ ! -f "${APPLYHOTFIXES}" ]; then
+    echo "No hot-fix support available in ${APPLYHOTFIXES}"
+else
+    echo "Apply hot-fixes with ${APPLYHOTFIXES}"
+    ${APPLYHOTFIXES}
+fi
+
 
 # Create any user requested
 while getopts cku:p:s:V option; do