new file mode 100644

@@ -0,0 +1,25 @@

+package main

+

+import (

+	"fmt"

+	"os"

+

+	"github.com/openshift/origin/pkg/cmd/recycle"

+)

+

+func main() {

+	basename := os.Args[0]

+	args := os.Args[1:]

+	if len(args) == 0 || len(args[0]) == 0 {

+		fmt.Printf("Usage: %s DIR\n", basename)

+		os.Exit(1)

+	}

+

+	if err := recycle.Recycle(args[0]); err != nil {

+		fmt.Printf("Scrub failed: %v\n", err)

+		os.Exit(1)

+	}

+

+	fmt.Println("Scrub OK")

+	os.Exit(0)

+}

@@ -49,6 +49,7 @@ cp -pf "${imagedir}/hello-openshift" examples/hello-openshift/bin

 cp -pf "${imagedir}/deployment"      examples/deployment/bin

 cp -pf "${imagedir}/gitserver"       examples/gitserver/bin

 cp -pf "${imagedir}/dockerregistry"  images/dockerregistry/bin

+cp -pf "${imagedir}/recycle"         images/recycler/bin

 # Copy SDN scripts into images/node

 os::util::install-sdn "${OS_ROOT}" "${OS_ROOT}/images/node"

@@ -31,6 +31,7 @@ readonly OS_IMAGE_COMPILE_TARGETS=(

   images/pod

   cmd/dockerregistry

   cmd/gitserver

+  cmd/recycle

 )

 readonly OS_SCRATCH_IMAGE_COMPILE_TARGETS=(

   examples/hello-openshift

@@ -59,7 +60,6 @@ readonly OS_ALL_BINARIES=("${OS_ALL_TARGETS[@]##*/}")

 readonly OPENSHIFT_BINARY_SYMLINKS=(

   openshift-router

   openshift-deploy

-  openshift-recycle

   openshift-sti-build

   openshift-docker-build

   origin

@@ -1,17 +1,10 @@

 #

-# This is the default deployment strategy image for OpenShift Origin. It expects a set of

-# environment variables to parameterize the deploy:

-#

-#   KUBERNETES_MASTER - the address of the OpenShift master

-#   KUBERNETES_DEPLOYMENT_ID - the deployment identifier that is running this build

+# This is the default OpenShift Origin persistent volume recycler image.

 #

 # The standard name for this image is openshift/origin-recycler

 #

-FROM openshift/origin

-

-RUN yum install -y sudo && \

-    sed -i -e "s/Defaults    requiretty.*/ #Defaults    requiretty/g" /etc/sudoers

+FROM scratch

-ADD scripts/recycler.sh /usr/share/openshift/scripts/volumes/recycler.sh

+ADD bin/recycle /usr/bin/recycle

-ENTRYPOINT ["/usr/share/openshift/scripts/volumes/recycler.sh"]

+ENTRYPOINT ["/usr/bin/recycle"]

new file mode 100644

@@ -0,0 +1 @@

+recycle

deleted file mode 100755

@@ -1,49 +0,0 @@

-#!/bin/bash

-

-# 'recycler' performs an 'rm -rf' on a volume to scrub it clean before it's

-# reused as a cluster resource. This script is intended to be used in a pod that

-# performs the scrub. The container in the pod should succeed or fail based on

-# the exit status of this script.

-

-set -o errexit

-set -o noglob

-set -o nounset

-set -o pipefail

-

-if [[ $# -ne 1 ]]; then

-    echo >&2 "Usage: $0 some/path/to/scrub"

-    exit 1

-fi

-

-# first and only arg is the directory to scrub

-dir="${1}"

-

-if [[ ! -d "${dir}" ]]; then

-    echo >&2 "Error: scrub directory '${dir}' does not exist"

-    exit 1

-fi

-

-# shred regular files

-function recycle_file() {

-    filename="${1}"

-    uid=$(stat -c "#%u" "${filename}")

-    sudo -u "${uid}" shred "${filename}"

-}

-export -f recycle_file

-

-find "${dir}" -type f -print0 | xargs -r -n 1 -0 bash -c 'recycle_file "$@"' {}

-

-# rm all

-function rm_all() {

-    filename="${1}"

-    uid=$(stat -c "#%u" "${filename}")

-    sudo -u "${uid}" rm -rf "${filename}"

-}

-export -f rm_all

-

-find "${dir}" ! -type d -print0 | xargs -r -n 1 -0 bash -c 'rm_all "$@"' {}

-

-find "${dir}" -mindepth 1 -type d -print0 | sort -zrg | xargs -r -n 1 -0 bash -c 'rm_all "$@"' {}

-

-echo "Scrub OK"

-exit 0

new file mode 100644

@@ -0,0 +1,16 @@

+package recycle

+

+import "os"

+

+// Recycle recursively deletes files and folders within the given path. It does not delete the path itself.

+func Recycle(dir string) error {

+	return newWalker(func(path string, info os.FileInfo) error {

+		// Leave the root dir alone

+		if path == dir {

+			return nil

+		}

+

+		// Delete all subfiles/subdirs

+		return os.Remove(path)

+	}).Walk(dir)

+}

new file mode 100644

@@ -0,0 +1,89 @@

+package recycle

+

+import (

+	"io/ioutil"

+	"os"

+	"path"

+	"path/filepath"

+	"testing"

+)

+

+func TestRecycle(t *testing.T) {

+	root, err := ioutil.TempDir("", "recycler-test-")

+	if err != nil {

+		t.Fatal(err)

+	}

+	defer func() {

+		if err := os.RemoveAll(root); err != nil {

+			t.Fatal(err)

+		}

+	}()

+

+	filenames := []string{

+		string([]byte{3}), // Ctrl+C

+		string([]byte{4}), // Ctrl+D

+

+		`white space`,

+		`new

+	line`,

+

+		`*`,

+		`~`,

+		`\`,

+		`\\`,

+

+		` && touch and-escape`,

+		` || touch or-escape`,

+		` ; touch semi-escape`,

+		` " touch quote-escape`,

+		` ' touch apos-escape`,

+		` }"; touch brace-escape`,

+

+		`env x='() { :;}; echo vulnerable'`, // shellshock

+

+		`$USER`,

+

+		`...`,

+		`.file`,

+

+		`中文`,                   // utf-8

+		`κόσμε`,                // utf-8

+		`Iñtërnâtiônàlizætiøn`, // utf-8

+	}

+

+	for _, dir := range filenames {

+		dirpath := path.Join(root, dir)

+		if err := os.Mkdir(dirpath, os.FileMode(0755)); err != nil {

+			t.Errorf("Error writing dir %s\n%v", dirpath, err)

+			continue

+		}

+

+		for _, file := range filenames {

+			filepath := path.Join(dirpath, file)

+			if err := ioutil.WriteFile(filepath, []byte(filepath), os.FileMode(0755)); err != nil {

+				t.Errorf("Error writing file %s\n%v", filepath, err)

+			}

+

+			if _, err := os.Stat(filepath); err != nil {

+				t.Errorf("Error verifying file %s\n%v", filepath, err)

+			}

+		}

+	}

+

+	err = Recycle(root)

+	if err != nil {

+		t.Error(err)

+	}

+

+	remaining := []string{}

+	err = filepath.Walk(root, func(path string, info os.FileInfo, err error) error {

+		remaining = append(remaining, path)

+		return err

+	})

+	if err != nil {

+		t.Errorf("Unexpected error: %v", err)

+	}

+	if len(remaining) != 1 || remaining[0] != root {

+		t.Errorf("Unexpected files left after recycling: %#v", remaining)

+	}

+}

new file mode 100644

@@ -0,0 +1,179 @@

+package recycle

+

+import (

+	"fmt"

+	"os"

+	"path/filepath"

+	"runtime"

+	"sort"

+)

+

+type walkFunc func(path string, info os.FileInfo) error

+

+// Walker visits a directory tree, depth-first, calling walkFn for every file/directory.

+// It calls setfsuid with the owning UID of each directory before calling walkFn for the direct children of that directory.

+type walker struct {

+	walkFn walkFunc

+

+	// fsuid holds our current fsuid

+	fsuid int64

+

+	// lstat is for testing, defaults to os.Lstat

+	lstat func(path string) (os.FileInfo, error)

+

+	// getuid is for testing, defaults to fileinfo.Sys().(*syscall.Stat_t).Uid

+	getuid func(info os.FileInfo) (int64, error)

+

+	// setfsuid is for testing, defaults to syscall.Setfsuid

+	setfsuid func(uid int) error

+

+	// readDirNames is for testing, defaults to readDirNames

+	readDirNames func(dirname string) ([]string, error)

+}

+

+type walkError struct {

+	path      string

+	info      os.FileInfo

+	operation string

+	err       error

+}

+

+func (w walkError) Error() string {

+	var mode interface{} = "unknown"

+	if w.info != nil {

+		mode = w.info.Mode()

+	}

+	return fmt.Sprintf("%s (%s), %s: %s", w.path, mode, w.operation, w.err)

+}

+

+func makeWalkError(path string, info os.FileInfo, err error, operation string) error {

+	if _, isWalkError := err.(walkError); isWalkError {

+		return err

+	}

+	return walkError{path, info, operation, err}

+}

+

+func newWalker(walkFn walkFunc) *walker {

+	return &walker{

+		walkFn:       walkFn,

+		fsuid:        int64(os.Getuid()), // default to the uid of the process

+		lstat:        os.Lstat,

+		getuid:       getuid,

+		setfsuid:     setfsuid,

+		readDirNames: readDirNames,

+	}

+}

+

+func (w *walker) Walk(root string) error {

+	// Lock threads, so our Setfsuid calls always apply to the same thread

+	runtime.LockOSThread()

+	defer runtime.UnlockOSThread()

+

+	// The launching process must have the ability to stat the root dir

+	info, err := w.lstat(root)

+	if err != nil {

+		return makeWalkError(root, info, err, "lstat root dir")

+	}

+

+	// become the root dir's owner to begin

+	err = w.becomeOwner(info)

+	if err != nil {

+		return makeWalkError(root, info, err, "becoming root dir owner")

+	}

+

+	return w.walk(root, info)

+}

+

+func (w *walker) walk(path string, info os.FileInfo) error {

+	var err error

+

+	// Descend first

+	if info.IsDir() {

+		// Remember our current fsuid

+		previousFSuid := w.fsuid

+

+		// become the dir's owner, in order to list/rmdir/unlink child files

+		err = w.becomeOwner(info)

+		if err != nil {

+			return makeWalkError(path, info, err, "becoming dir owner")

+		}

+

+		// read dir info

+		names, err := w.readDirNames(path)

+		if err != nil {

+			return makeWalkError(path, info, err, fmt.Sprintf("reading dir names as %d", w.fsuid))

+		}

+

+		// visit files

+		for _, name := range names {

+			filename := filepath.Join(path, name)

+

+			fileInfo, err := w.lstat(filename)

+			if err != nil {

+				return makeWalkError(path, info, err, fmt.Sprintf("lstat child as %d", w.fsuid))

+			}

+

+			err = w.walk(filename, fileInfo)

+			if err != nil {

+				return err

+			}

+		}

+

+		// Return to our previous fsuid, in order to rmdir the current directory

+		err = w.becomeUid(previousFSuid)

+		if err != nil {

+			return makeWalkError(path, info, err, "returning to previous uid")

+		}

+	}

+

+	// visit the current file

+	err = w.walkFn(path, info)

+	if err != nil {

+		return makeWalkError(path, info, err, "calling walkFn")

+	}

+

+	return nil

+}

+

+func (w *walker) becomeOwner(info os.FileInfo) error {

+	// get the UID

+	uid, err := w.getuid(info)

+	if err != nil {

+		return err

+	}

+

+	return w.becomeUid(uid)

+}

+

+func (w *walker) becomeUid(uid int64) error {

+	// if we already were the UID, no-op

+	if w.fsuid == uid {

+		return nil

+	}

+

+	// become the UID

+	if err := w.setfsuid(int(uid)); err != nil {

+		return err

+	}

+

+	// remember the last UID we became

+	w.fsuid = uid

+

+	return nil

+}

+

+// readDirNames reads the directory named by dirname and returns a sorted list of directory entries.

+func readDirNames(dirname string) ([]string, error) {

+	f, err := os.Open(dirname)

+	if err != nil {

+		return nil, err

+	}

+	defer f.Close()

+

+	names, err := f.Readdirnames(-1)

+	if err != nil {

+		return nil, err

+	}

+	sort.Strings(names)

+	return names, nil

+}

new file mode 100644

@@ -0,0 +1,23 @@

+// +build linux

+

+package recycle

+

+import (

+	"errors"

+	"os"

+	"syscall"

+)

+

+var StatError = errors.New("fileinfo.Sys() is not *syscall.Stat_t")

+

+func getuid(info os.FileInfo) (int64, error) {

+	stat_t, ok := info.Sys().(*syscall.Stat_t)

+	if !ok {

+		return 0, StatError

+	}

+	return int64(stat_t.Uid), nil

+}

+

+func setfsuid(uid int) (err error) {

+	return syscall.Setfsuid(uid)

+}

new file mode 100644

@@ -0,0 +1,15 @@

+// +build !linux

+

+package recycle

+

+import "os"

+

+func getuid(info os.FileInfo) (int64, error) {

+	// no-op on non-linux platforms

+	return 0, nil

+}

+

+func setfsuid(uid int) (err error) {

+	// no-op on non-linux platforms

+	return nil

+}

new file mode 100644

@@ -0,0 +1,154 @@

+package recycle

+

+import (

+	"io/ioutil"

+	"os"

+	"path/filepath"

+	"reflect"

+	"testing"

+)

+

+func TestStatUID(t *testing.T) {

+	root, err := ioutil.TempDir("", "walker-test-")

+	if err != nil {

+		t.Fatal(err)

+	}

+	defer func() {

+		if err := os.RemoveAll(root); err != nil {

+			t.Fatal(err)

+		}

+	}()

+

+	rootName := filepath.Base(root)

+

+	files := map[string]testFile{

+		filepath.Join(root):                  {uid: 0, dir: true},

+		filepath.Join(root, "dir1"):          {uid: 1, dir: true},

+		filepath.Join(root, "dir2"):          {uid: 2, dir: true},

+		filepath.Join(root, "dir2/subdir"):   {uid: 2, dir: true},

+		filepath.Join(root, "dir2/subfile1"): {uid: 123},

+		filepath.Join(root, "dir2/subfile2"): {uid: 234},

+		filepath.Join(root, "file1"):         {uid: 345},

+		filepath.Join(root, "file2"):         {uid: 456},

+	}

+	for path, fileinfo := range files {

+		if fileinfo.dir {

+			if err := os.MkdirAll(path, os.FileMode(0755)); err != nil {

+				t.Fatalf("Error writing dir %s\n%v", path, err)

+				continue

+			}

+		} else {

+			if err := os.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil {

+				t.Fatalf("Error writing dir %s\n%v", path, err)

+				continue

+			}

+			if err := ioutil.WriteFile(path, []byte(path), os.FileMode(0755)); err != nil {

+				t.Fatalf("Error writing file %s\n%v", path, err)

+			}

+		}

+	}

+

+	expectedActions := []testAction{

+		// get root info, list files

+		// no setfsuid call, because we are already uid 0

+		{"lstat", rootName},

+		{"readDirNames", rootName},

+

+		// get dir1 info, become owner, list files, change back to root owner, walk dir1 (as owner of root dir, so we can rmdir dir1)

+		{"lstat", "dir1"},

+		{"setfsuid", 1},

+		{"readDirNames", "dir1"},

+		{"setfsuid", 0},

+		{"walk", "dir1"},

+

+		// get dir2 info, become owner, list files

+		{"lstat", "dir2"},

+		{"setfsuid", 2},

+		{"readDirNames", "dir2"},

+		// get subdir info, list files, walk

+		// no setfsuid calls to subdir owner or back to dir2 owner, because we are already uid 2

+		{"lstat", "subdir"},

+		{"readDirNames", "subdir"},

+		{"walk", "subdir"},

+		// stat and walk subfiles, no fsuid changes needed for files

+		{"lstat", "subfile1"},

+		{"walk", "subfile1"},

+		{"lstat", "subfile2"},

+		{"walk", "subfile2"},

+		// change back to root owner, walk dir2 (as owner of root dir, so we can rmdir dir2)

+		{"setfsuid", 0},

+		{"walk", "dir2"},

+

+		// stat and walk files, no fsuid changes needed for files

+		{"lstat", "file1"},

+		{"walk", "file1"},

+		{"lstat", "file2"},

+		{"walk", "file2"},

+

+		// finally, walk the root

+		{"walk", rootName},

+	}

+	actions := []testAction{}

+

+	w := &walker{

+		fsuid: 0, // mock starting as uid 0

+		walkFn: func(path string, info os.FileInfo) error {

+			actions = append(actions, testAction{"walk", filepath.Base(path)})

+			return nil

+		},

+		lstat: func(path string) (os.FileInfo, error) {

+			actions = append(actions, testAction{"lstat", filepath.Base(path)})

+			l, err := os.Lstat(path)

+			return testFileInfoWrapper{l, files[path]}, err

+		},

+		getuid: func(info os.FileInfo) (int64, error) {

+			return info.(testFileInfoWrapper).testData.uid, nil

+		},

+		setfsuid: func(uid int) error {

+			actions = append(actions, testAction{"setfsuid", uid})

+			return nil

+		},

+		readDirNames: func(path string) ([]string, error) {

+			actions = append(actions, testAction{"readDirNames", filepath.Base(path)})

+			return readDirNames(path)

+		},

+	}

+

+	err = w.Walk(root)

+	if err != nil {

+		t.Fatalf("Unexpected error: %v", err)

+	}

+

+	for i, action := range actions {

+		if len(expectedActions) < i+1 {

+			t.Errorf("%d unexpected actions: %+v", len(actions)-len(expectedActions), actions[i:])

+			break

+		}

+

+		expectedAction := expectedActions[i]

+		if !reflect.DeepEqual(expectedAction, action) {

+			t.Errorf("%d: expected %#v\ngot                      %#v", i, expectedAction, action)

+			continue

+		}

+	}

+

+	if len(expectedActions) > len(actions) {

+		t.Errorf("%d additional expected actions:%+v", len(expectedActions)-len(actions), expectedActions[len(actions):])

+	}

+

+}

+

+type testFile struct {

+	uid int64

+	dir bool

+}

+

+type testAction struct {

+	Action string

+	Data   interface{}

+}

+

+type testFileInfoWrapper struct {

+	os.FileInfo

+	testData testFile

+}

@@ -80,9 +80,10 @@ func (c *MasterConfig) RunPersistentVolumeClaimRecycler(recyclerImageName string

 	uid := int64(0)

 	defaultScrubPod := volume.NewPersistentVolumeRecyclerPodTemplate()

 	defaultScrubPod.Spec.Containers[0].Image = recyclerImageName

-	defaultScrubPod.Spec.Containers[0].Command = []string{"/usr/share/openshift/scripts/volumes/recycler.sh"}

+	defaultScrubPod.Spec.Containers[0].Command = []string{"/usr/bin/recycle"}

 	defaultScrubPod.Spec.Containers[0].Args = []string{"/scrub"}

 	defaultScrubPod.Spec.Containers[0].SecurityContext = &kapi.SecurityContext{RunAsUser: &uid}

+	defaultScrubPod.Spec.Containers[0].ImagePullPolicy = kapi.PullIfNotPresent

 	hostPathConfig := volume.VolumeConfig{

 		RecyclerMinimumTimeout:   30,