Add error handling + fix permissions

Author: harishsurf

.gitignore

@@ -6,6 +6,7 @@ terraform-key.json
 terraform.tfstate*
 ansible/context
 image-archive.tar
+sqlite3.tar
 execution-environment.tar
 quay-aioi
 mirror-registry*

ansible-runner/context/app/project/roles/mirror_appliance/tasks/autodetect-sqlite-archive.yaml

@@ -10,5 +10,5 @@
 
 - name: Load sqlite image if sqlite3.tar exists
   shell: 
-    cmd: podman image import --change 'ENV PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' --change 'ENV container=oci' --change 'ENTRYPOINT=["/usr/bin/sqlite3"]' - {{ sqlite_image }} < {{ quay_root }}/sqlite3.tar
+    cmd: podman image import --change 'ENV PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' --change 'ENV container=oci' --change 'USER=1001' --change 'ENTRYPOINT=["/usr/bin/sqlite3"]' - {{ sqlite_image }} < {{ quay_root }}/sqlite3.tar
   when: s.stat.exists and local_install == "false"

ansible-runner/context/app/project/roles/mirror_appliance/tasks/install-quay-service.yaml

@@ -159,16 +159,32 @@
 
 - name: Create quay database file with persistent WAL mode and correct permissions
   block:
-    - name: Create sqlite file in WAL mode
+    - name: Create DB file and set permissions with error messages
       command: >
-        podman run --rm -v {{ expanded_sqlite_storage }}:/sqlite:Z --name sqlite-cli
-        {{ sqlite_image }} /sqlite/quay_sqlite.db -cmd "PRAGMA journal_mode=WAL;"
+        podman run --rm
+        -v {{ expanded_sqlite_storage }}:/sqlite:Z
+        --entrypoint /bin/sh
+        {{ sqlite_image }}
+        -c '
+          if ! sqlite3 /sqlite/quay_sqlite.db "PRAGMA journal_mode=WAL;"; then
+            echo "Failed to set WAL mode" >&2
+            exit 1
+          fi
+          if ! chown 1001:1001 /sqlite/quay_sqlite.db; then
+            echo "Failed to chown database file" >&2
+            exit 1
+          fi
+          if ! chmod 0664 /sqlite/quay_sqlite.db; then
+            echo "Failed to chmod database file" >&2
+            exit 1
+          fi
+        '
+      register: db_file_creation_result
+      failed_when: db_file_creation_result.rc != 0
+      changed_when: true
+      retries: 3
+      delay: 5
 
-    - name: Set permissions for the sqlite file
-      file:
-        path: "{{ expanded_sqlite_storage }}/quay_sqlite.db"
-        mode: u=rw,g=rw,o=r
-  when: "sqlite_storage.startswith('/')"
 
 - name: Start Quay service
   systemd:

cmd/utils.go

@@ -193,25 +193,28 @@ func loadSqliteCli() (string, error) {
 	if !pathExists(sqliteArchivePath) {
 		return "", errors.New("Could not find sqlite3.tar at " + sqliteArchivePath)
 	}
-	log.Info("Found sqlite3 cli binary at " + sqliteArchivePath)
-
-	sqliteArchiveMountFlag := fmt.Sprintf(" -v %s:/runner/sqlite3.tar", sqliteArchivePath)
-
-	if isLocalInstall() {
-		// Load sqlite3 as a podman image
-		log.Printf("Loading sqlite3 cli binary from sqlite3.tar")
-		statement := getImageMetadata("sqlite", sqliteImage, sqliteArchivePath)
-		sqliteImportCmd := exec.Command("/bin/bash", "-c", statement)
-		if verbose {
-			sqliteImportCmd.Stderr = os.Stderr
-			sqliteImportCmd.Stdout = os.Stdout
-		}
-		log.Debug("Importing sqlite3 cli binary with command: ", sqliteImportCmd)
-		err = sqliteImportCmd.Run()
-		if err != nil {
-			return "", err
+
+	var sqliteArchiveMountFlag string
+	if sqliteArchivePath != "" {
+		sqliteArchiveMountFlag = fmt.Sprintf(" -v %s:/runner/sqlite3.tar", sqliteArchivePath)
+		log.Info("Found sqlite archive at " + sqliteArchivePath)
+		if isLocalInstall() {
+			// Load sqlite3 as a podman image
+			log.Printf("Loading sqlite3 cli binary from sqlite3.tar")
+			statement := getImageMetadata("sqlite", sqliteImage, sqliteArchivePath)
+			sqliteImportCmd := exec.Command("/bin/bash", "-c", statement)
+			if verbose {
+				sqliteImportCmd.Stderr = os.Stderr
+				sqliteImportCmd.Stdout = os.Stdout
+			}
+			log.Debug("Importing sqlite3 cli binary with command: ", sqliteImportCmd)
+			err = sqliteImportCmd.Run()
+			if err != nil {
+				return "", err
+			}
 		}
 	}
+
 	log.Infof("Attempting to set SELinux rules on sqlite archive")
 	cmd := exec.Command("chcon", "-Rt", "svirt_sandbox_file_t", sqliteArchivePath)
 	if verbose {
@@ -240,6 +243,7 @@ func getImageMetadata(app, imageName, archivePath string) string {
 		statement = `/usr/bin/podman image import \
 					--change 'ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
 					--change 'ENV container=oci' \
+					--change 'USER=1001' \
 					--change 'ENTRYPOINT=["/usr/bin/sqlite3"]' \
 					- ` + imageName + ` < ` + archivePath
 	case "ansible":