From cd5a324a96288c0ce96157335b196471886c6e07 Mon Sep 17 00:00:00 2001 From: Dmitry Ratushnyy <dmitry.ratushnyy@canonical.com> Date: Fri, 29 Sep 2023 08:29:29 +0200 Subject: [PATCH 1/3] Change entry point to peble --- .github/workflows/build.yaml | 2 +- rockcraft.yaml | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index fca8882..4321a4a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -15,7 +15,7 @@ jobs: - name: Install dependencies run: | sudo snap install yq - sudo snap install rockcraft --classic --edge --revision=687 + sudo snap install rockcraft --classic --edge sudo snap install charmcraft --classic --revision 1349 - name: Build ROCK run: | diff --git a/rockcraft.yaml b/rockcraft.yaml index f031b22..6413635 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -10,15 +10,22 @@ description: | as a NoSQL database program, MongoDB uses JSON -like documents with optional schemas. license: Apache-2.0 # your application's SPDX license -entrypoint: - - /usr/bin/setpriv - - --clear-groups - - --reuid - - mongodb - - --regid - - mongodb - - -- - - /usr/bin/mongod + +services: + mongod: + summary: Start Mongod + override: replace + startup: enabled + command: + - /usr/bin/setpriv + - --clear-groups + - --reuid + - mongodb + - --regid + - mongodb + - -- + - /usr/bin/mongod + platforms: # The platforms this ROCK should be built on and run on amd64: @@ -44,13 +51,16 @@ parts: useradd -R $CRAFT_OVERLAY -M -r -g mongodb -u 584788 mongodb override-prime: | craftctl default + # Give permission and create the required directories mkdir -p $CRAFT_PRIME/data/db chmod 0755 $CRAFT_PRIME/data/db chown -R 584788:584788 $CRAFT_PRIME/data/db + # enable security monitoring rocks=usr/share/rocks/ mkdir -p ${rocks} + ## for deb packages declare -a arr=() arr+=('${db:Status-Abbrev},') @@ -59,6 +69,7 @@ parts: arr+=('${source:Package},') arr+=('${Source:Version}\n') dpkg-query -W -f "${arr[*]}" > ${rocks}/dpkg.query + ## for snap packages cp snap.charmed-mongodb/manifest.yaml ${rocks} cp snap.charmed-mongodb/snapcraft.yaml ${rocks} From f321d9c04bc1a0216b245cc393df8792a0220e65 Mon Sep 17 00:00:00 2001 From: Dmitry Ratushnyy <dmitry.ratushnyy@canonical.com> Date: Fri, 29 Sep 2023 08:37:34 +0200 Subject: [PATCH 2/3] Update command --- rockcraft.yaml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/rockcraft.yaml b/rockcraft.yaml index 6413635..08bf4bd 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -16,15 +16,7 @@ services: summary: Start Mongod override: replace startup: enabled - command: - - /usr/bin/setpriv - - --clear-groups - - --reuid - - mongodb - - --regid - - mongodb - - -- - - /usr/bin/mongod + command: "/usr/bin/setpriv --clear-groups --reuid mongodb --regid mongodb -- /usr/bin/mongod" platforms: # The platforms this ROCK should be built on and run on From 9a93f64197e9f307466c5fa046b2fcad68b8bfe7 Mon Sep 17 00:00:00 2001 From: Dmitry Ratushnyy <dmitry.ratushnyy@canonical.com> Date: Fri, 29 Sep 2023 08:43:19 +0200 Subject: [PATCH 3/3] Extract start command to a separate script --- rockcraft.yaml | 2 +- scripts/start.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 scripts/start.sh diff --git a/rockcraft.yaml b/rockcraft.yaml index 08bf4bd..6a6bbb6 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -16,7 +16,7 @@ services: summary: Start Mongod override: replace startup: enabled - command: "/usr/bin/setpriv --clear-groups --reuid mongodb --regid mongodb -- /usr/bin/mongod" + command: "/bin/bash /bin/start.sh" platforms: # The platforms this ROCK should be built on and run on diff --git a/scripts/start.sh b/scripts/start.sh new file mode 100644 index 0000000..1f7b4ea --- /dev/null +++ b/scripts/start.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +/usr/bin/setpriv --clear-groups --reuid mongodb --regid mongodb -- /usr/bin/mongod \ No newline at end of file