introduce sysrepo group for sysrepo-related processes
Sysrepo made some changes to file permissions and because of that
rousette began to fail because of insufficient permissions to open
sysrepo shm files.
It started to become tricky to manage all the stuff we decided to go
with what their README says [1], i.e., compile sysrepo with flags that
make sysrepo to create files with a specified group (sysrepo) and with
default umask (0007).
This is done via patches to our buildroot tree.
All sysrepo-related services then must run under sysrepo group so they
have access to sysrepo internal files.
Depends-on: https://gerrit.cesnet.cz/c/CzechLight/dependencies/+/5748
Change-Id: I257b9016bf7ca2af20f5627a2fe1b79b077c0232
diff --git a/package/cla-sysrepo/czechlight-install-yang.sh b/package/cla-sysrepo/czechlight-install-yang.sh
index db2387e..72b3f33 100755
--- a/package/cla-sysrepo/czechlight-install-yang.sh
+++ b/package/cla-sysrepo/czechlight-install-yang.sh
@@ -48,7 +48,7 @@
sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/iana-hardware@2018-03-13.yang
sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/ietf-hardware@2018-03-13.yang
-sysrepoctl --change ietf-hardware --permissions 0664 --enable-feature hardware-sensor
+sysrepoctl --change ietf-hardware --permissions 0660 --enable-feature hardware-sensor
if [[ ${YANG_ROADM} == 1 ]]; then
FEATURE_ARGS=""
@@ -57,54 +57,41 @@
FEATURE_ARGS="${FEATURE_ARGS} --enable-feature ${FEATURE}"
done
fi
- sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-roadm-device@2021-03-05.yang ${FEATURE_ARGS}
- sysrepoctl --change czechlight-roadm-device --group optics --permissions 0664
+ sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-roadm-device@2021-03-05.yang ${FEATURE_ARGS} --permissions 0660
sysrepocfg --datastore=startup --format=json --module=czechlight-roadm-device --import="${CLA_YANG}/${INITIAL_DATA}.json"
fi
if [[ ${YANG_COHERENT} == 1 ]]; then
- sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-coherent-add-drop@2021-03-05.yang
+ sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-coherent-add-drop@2021-03-05.yang --permissions 0660
sysrepocfg --datastore=startup --format=json --module=czechlight-coherent-add-drop --new-data="${CLA_YANG}/${INITIAL_DATA}.json"
- sysrepoctl --change czechlight-coherent-add-drop --group optics --permissions 0664
+ sysrepoctl --change czechlight-coherent-add-drop --permissions 0660
fi
if [[ ${YANG_INLINE} == 1 ]]; then
- sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-inline-amp@2021-03-05.yang
+ sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-inline-amp@2021-03-05.yang --permissions 0660
sysrepocfg --datastore=startup --format=json --module=czechlight-inline-amp --import="${CLA_YANG}/${INITIAL_DATA}.json"
- sysrepoctl --change czechlight-inline-amp --group optics --permissions 0664
fi
if [[ ${YANG_CALIBRATION} == 1 ]]; then
- sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-calibration-device@2019-06-25.yang
+ sysrepoctl --search-dirs ${CLA_YANG} --install ${CLA_YANG}/czechlight-calibration-device@2019-06-25.yang --permissions 0660
sysrepocfg --datastore=startup --format=json --module=czechlight-calibration-device --import="${CLA_YANG}/${INITIAL_DATA}.json"
- sysrepoctl --change czechlight-calibration-device --group optics --permissions 0664
fi
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-system@2014-08-06.yang
-sysrepoctl --change ietf-system --permissions 0664
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-system@2014-08-06.yang --permissions 0660
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-lldp@2020-11-04.yang
-sysrepoctl --change czechlight-lldp --permissions 0664
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-lldp@2020-11-04.yang --permissions 0660
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-system@2021-01-13.yang
-sysrepoctl --change czechlight-system --permissions 0664
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-system@2021-01-13.yang --permissions 0660
sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/iana-if-type@2017-01-19.yang
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-interfaces@2018-02-20.yang
-sysrepoctl --change ietf-interfaces --permissions 0664
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ip@2018-02-22.yang
-sysrepoctl --change ietf-ip --permissions 0664
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-routing@2018-03-13.yang
-sysrepoctl --change ietf-routing --permissions 0664
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ipv4-unicast-routing@2018-03-13.yang
-sysrepoctl --change ietf-ipv4-unicast-routing --permissions 0664
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ipv6-unicast-routing@2018-03-13.yang
-sysrepoctl --change ietf-ipv6-unicast-routing --permissions 0664
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-network@2021-02-22.yang
-sysrepoctl --change czechlight-network --permissions 0664
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-interfaces@2018-02-20.yang --permissions 0660
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ip@2018-02-22.yang --permissions 0660
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-routing@2018-03-13.yang --permissions 0660
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ipv4-unicast-routing@2018-03-13.yang --permissions 0660
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/ietf-ipv6-unicast-routing@2018-03-13.yang --permissions 0660
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-network@2021-02-22.yang --permissions 0660
-sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-firewall@2021-01-25.yang
-sysrepoctl --change czechlight-firewall --permissions 0600
+sysrepoctl --search-dirs ${VELIA_YANG} --install ${VELIA_YANG}/czechlight-firewall@2021-01-25.yang --permissions 0600
sysrepoctl --change ietf-access-control-list --enable-feature match-on-eth --enable-feature eth --enable-feature match-on-ipv4 --enable-feature ipv4 --enable-feature match-on-ipv6 --enable-feature ipv6 --enable-feature mixed-eth-ipv4-ipv6
# If not do not copy here from startup -> running, running might be stale.