Merge branch 'monfix' into 'main'

Fixed pv permission issues in OKE run for prometheus and grafana creation

See merge request weblogic-cloud/weblogic-kubernetes-operator!4279

Author: rjeberhard

Jenkinsfile.oke

@@ -119,7 +119,7 @@ pipeline {
                 )
         string(name: 'BRANCH',
                        description: '',
-                       defaultValue: 'okeextfix'
+                       defaultValue: 'main'
                 )
         string(name: 'WEBLOGIC_IMAGE_NAME',
                description: 'WebLogic base image name. Default is the image name in OCIR. Use middleware/weblogic for OCR.',

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonMiiTestUtils.java

@@ -1204,6 +1204,71 @@ public static void createJobToChangePermissionsOnPvHostPath(String pvName, Strin
     }
   }
 
+  /**
+   * Create a job to change the permissions on the pv host path.
+   *
+   * @param pvName Name of the persistent volume
+   * @param pvcName Name of the persistent volume claim
+   * @param namespace Namespace containing the persistent volume claim and where the job should be created in
+   * @param mountPath path
+   * @param command to change permission
+   */
+  public static void createJobToChangePermissionsOnPvHostPath(String pvName, String pvcName,
+                                                              String namespace, String mountPath, String command) {
+    LoggingFacade logger = getLogger();
+
+    if (!OKD) {
+      logger.info("Running Kubernetes job to create domain");
+      V1Job jobBody = new V1Job()
+          .metadata(
+              new V1ObjectMeta()
+                  .name("change-permissions-onpv-job-" + pvName) // name of the job
+                  .namespace(namespace))
+          .spec(new V1JobSpec()
+              .backoffLimit(0) // try only once
+              .template(new V1PodTemplateSpec()
+                  .spec(new V1PodSpec()
+                      .restartPolicy("Never")
+                      .addContainersItem(
+                          createfixPVCOwnerContainer(pvName,
+                              mountPath,
+                              command))
+                      .volumes(Arrays.asList(
+                          new V1Volume()
+                              .name(pvName)
+                              .persistentVolumeClaim(
+                                  new V1PersistentVolumeClaimVolumeSource()
+                                      .claimName(pvcName))))
+                      .imagePullSecrets(Arrays.asList(
+                          new V1LocalObjectReference()
+                              .name(TEST_IMAGES_REPO_SECRET_NAME)))))); // this secret is used only for non-kind cluster
+
+      String jobName = createJobAndWaitUntilComplete(jobBody, namespace);
+
+      // check job status and fail test if the job failed
+      V1Job job = assertDoesNotThrow(() -> getJob(jobName, namespace),
+          "Getting the job failed");
+      if (job != null) {
+        V1JobCondition jobCondition = job.getStatus().getConditions().stream().filter(
+                v1JobCondition -> "Failed".equals(v1JobCondition.getType()))
+            .findAny()
+            .orElse(null);
+        if (jobCondition != null) {
+          logger.severe("Job {0} failed to change permissions on PV hostpath", jobName);
+          List<V1Pod> pods = assertDoesNotThrow(() -> listPods(
+                  namespace, "job-name=" + jobName).getItems(),
+              "Listing pods failed");
+          if (!pods.isEmpty()) {
+            String podLog = assertDoesNotThrow(() -> getPodLog(pods.get(0).getMetadata().getName(), namespace),
+                "Failed to get pod log");
+            logger.severe(podLog);
+            fail("Change permissions on PV hostpath job failed");
+          }
+        }
+      }
+    }
+  }
+
   /**
    * Check logs are written on PV by running the specified command on the pod.
    * @param domainNamespace Kubernetes namespace that the domain is hosted

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/PersistentVolumeUtils.java

@@ -42,7 +42,9 @@
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.pvExists;
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.pvNotExists;
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.pvcExists;
+import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.createJobToChangePermissionsOnPvHostPath;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.testUntil;
+import static oracle.weblogic.kubernetes.utils.ImageUtils.createTestRepoSecret;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
 import static org.apache.commons.io.FileUtils.deleteDirectory;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
@@ -211,6 +213,7 @@ private static void setVolumeSource(Path pvHostPath, V1PersistentVolume v1pv, St
       String fssDir = FSS_DIR[new Random().nextInt(FSS_DIR.length)];
       LoggingFacade logger = getLogger();
       logger.info("Using FSS PV directory {0}", fssDir);
+      logger.info("Using NFS_SERVER  {0}", NFS_SERVER);
       v1pv.getSpec()
               .storageClassName("oci-fss")
               .nfs(new V1NFSVolumeSource()
@@ -320,13 +323,26 @@ public static synchronized V1Container createfixPVCOwnerContainer(String pvName,
           + mountPath
           + "/. -maxdepth 1 ! -name '.snapshot' ! -name '.' -print0 | xargs -r -0  chown -R 1000:0";
     }
+    return createfixPVCOwnerContainer(pvName, mountPath, argCommand);
+  }
+
+  /**
+   * Create container to fix pvc owner for pod.
+   *
+   * @param pvName name of pv
+   * @param mountPath mounting path for pv
+   * @param command to run for ownership
+   * @return container object with required ownership based on OKE_CLUSTER variable value.
+   */
+  public static synchronized V1Container createfixPVCOwnerContainer(String pvName, String mountPath, String command) {
+
     V1Container container = new V1Container()
         .name("fix-pvc-owner") // change the ownership of the pv to opc:opc
         .image(WEBLOGIC_IMAGE_TO_USE_IN_SPEC)
         .imagePullPolicy(IMAGE_PULL_POLICY)
         .addCommandItem("/bin/sh")
         .addArgsItem("-c")
-        .addArgsItem(argCommand)
+        .addArgsItem(command)
         .volumeMounts(Arrays.asList(
             new V1VolumeMount()
                 .name(pvName)
@@ -404,6 +420,23 @@ public static void createPvAndPvc(String nameSuffix, String namespace,
           .storageClassName(nameSuffix);
     }
 
-    createPVPVCAndVerify(v1pv,v1pvc, labelSelector, namespace);
+    createPVPVCAndVerify(v1pv, v1pvc, labelSelector, namespace);
+    if (nameSuffix.contains("grafana") || nameSuffix.contains("prometheus")) {
+      String mountPath = "/data";
+      if (nameSuffix.contains("grafana")) {
+        mountPath = "/var/lib/grafana";
+      }
+      String argCommand = "chown -R 1000:1000 " + mountPath;
+      if (OKE_CLUSTER) {
+        argCommand = "chown 1000:1000 " + mountPath
+            + "/. && find "
+            + mountPath
+            + "/. -maxdepth 1 ! -name '.snapshot' ! -name '.' -print0 | xargs -r -0  chown -R 1000:1000";
+      }
+      createTestRepoSecret(namespace);
+      createJobToChangePermissionsOnPvHostPath("pv-test" + nameSuffix,
+          "pvc-" + nameSuffix, namespace,
+          mountPath, argCommand);
+    }
   }
 }

integration-tests/src/test/resources/exporter/promvalues.yaml

@@ -66,9 +66,24 @@ server:
     type: NodePort
     nodePort: 30500
   securityContext:
-    runAsGroup: 65534
     runAsNonRoot: true
     runAsUser: 1000
+  initContainers:
+    - command: [ "chown","-R","1000:1000","/data" ]
+      image: busybox
+      name: prometheus-data-permission-fix
+      volumeMounts:
+        - mountPath: /data
+          name: storage-volume
+      securityContext:
+        runAsNonRoot: false
+        runAsUser: 0
+        runAsGroup: 0
+
+  volumes:
+    - name: storage-volume
+      persistentVolumeClaim:
+        claimName: pvc-prometheus
 
   global:
     evaluation_interval: 1m