From 851b918b6eaa4766ca03c3870cd0e43f765134ff Mon Sep 17 00:00:00 2001
From: Ho Kim
Date: Sat, 3 Jun 2023 01:48:26 +0900
Subject: [PATCH] Fix a bug in logout
---
 .../session/user-session-cleanup.yaml.j2 | 2 +-
 .../templates/session/user-session.yaml.j2 | 27 ++++++++-----------
 vine/rbac/src/logout.rs | 2 +-
 vine/session/src/lib.rs | 20 +++++++++++---
 4 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/templates/vine/templates/session/user-session-cleanup.yaml.j2 b/templates/vine/templates/session/user-session-cleanup.yaml.j2
index 21d46e91..8a977a22 100644
--- a/templates/vine/templates/session/user-session-cleanup.yaml.j2
+++ b/templates/vine/templates/session/user-session-cleanup.yaml.j2
@@ -9,7 +9,7 @@ spec:
 template:
 metadata:
 labels:
- name: desktop
+ name: desktop-cleanup
 spec:
 affinity:
 nodeAffinity:
diff --git a/templates/vine/templates/session/user-session.yaml.j2 b/templates/vine/templates/session/user-session.yaml.j2
index 61cd9090..93fdb2e6 100644
--- a/templates/vine/templates/session/user-session.yaml.j2
+++ b/templates/vine/templates/session/user-session.yaml.j2
@@ -32,16 +32,11 @@ spec:
 - bash
 - -c
 args:
- # - |
- # set -e -x -o pipefail
- # chown user:user /home/user /mnt/shared
- # chmod 700 /home/user
- # chmod 777 /mnt/shared
- # exec true
 - |
 set -e -x -o pipefail
- chown user:user /home/user
+ chown user:user /home/user /mnt/public
 chmod 700 /home/user
+ chmod 777 /mnt/public
 exec true
 securityContext:
 privileged: true
@@ -49,6 +44,8 @@ spec:
 volumeMounts:
 - name: home
 mountPath: /home/user
+ - name: home-public
+ mountPath: /mnt/public
 containers:
 - name: desktop-environment
 image: quay.io/ulagbulag/openark-vine-desktop:latest
@@ -86,8 +83,6 @@ spec:
 value: "7.22"
 - name: XDG_RUNTIME_DIR
 value: /run/user/2000
- lifecycle:
- terminationGracePeriodSeconds: 5
 ports:
 - name: http
 containerPort: 8080
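Review bot: `chmod 777 /mnt/public` in the init container's script (hunk `@@ -32,16 +32,11 @@` of user-session.yaml.j2) leaves the shared mount writable by every UID, although the line before it already chowns the directory to `user:user`. If the only writers are the session containers, which a later hunk shows running under `runAsUser: 2000` (presumably the same `user`), `chmod 770 /mnt/public` gives them the same access without the world-writable bit; if other UIDs really must write there, `chmod 1777 /mnt/public` at least stops them removing each other's files. Whether the `desktop-public` claim is shared between users is not visible in this patch; if it is, a comment above the `chmod` such as `# /mnt/public is shared across sessions: treat its contents as untrusted` would record that intent. The script belongs to a container spec that starts before the hunk.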
@@ -109,6 +104,8 @@ spec:
 readOnly: true
 - name: home
 mountPath: /home/user
+ - name: home-public
+ mountPath: /mnt/public
 - name: machine-id
 mountPath: /etc/machine-id
 readOnly: true
@@ -143,6 +140,7 @@ spec:
 runAsNonRoot: false
 runAsUser: 2000
 fsGroup: 2000
+ terminationGracePeriodSeconds: 5
 volumes:
 - name: dev
 hostPath:
@@ -170,9 +168,9 @@ spec:
 # path: "/opt/vdi/tenants/remote/{{ metadata.namespace }}/desktop-{{ spec.node.metadata.name }}"
 # type: DirectoryOrCreate
 {% endif %}
- # - name: home-shared
- # persistentVolumeClaim:
- # claimName: desktop-shared
+ - name: home-public
+ persistentVolumeClaim:
+ claimName: desktop-public
 - name: machine-id
 hostPath:
 path: /etc/machine-id
@@ -251,8 +249,6 @@ spec:
 value: "false"
 - name: X11VNC_XKB
 value: "true"
- lifecycle:
- terminationGracePeriodSeconds: 30
 ports:
 - name: vnc
 protocol: TCP
@@ -273,8 +269,6 @@ spec:
 env:
 - name: NOVNC_VNC_PATH
 value: "/box/vnc/{{ spec.node.metadata.name }}/"
- lifecycle:
- terminationGracePeriodSeconds: 30
 ports:
 - name: http
 protocol: TCP
@@ -290,6 +284,7 @@ spec:
 securityContext:
 runAsUser: 2000
 fsGroup: 2000
+ terminationGracePeriodSeconds: 30
 volumes:
 - name: x11
 hostPath:
diff --git a/vine/rbac/src/logout.rs b/vine/rbac/src/logout.rs
index 421538ed..e43893f3 100644
--- a/vine/rbac/src/logout.rs
+++ b/vine/rbac/src/logout.rs
@@ -11,7 +11,7 @@ pub async fn execute(
 client,
 box_name,
 user_name,
- |session_manager, spec| async move { session_manager.try_create(&spec.as_ref()).await },
+ |session_manager, spec| async move { session_manager.delete(&spec.as_ref()).await },
 )
 .await
 }
diff --git a/vine/session/src/lib.rs b/vine/session/src/lib.rs
index 52a21c90..871eaa4e 100644
--- a/vine/session/src/lib.rs
+++ b/vine/session/src/lib.rs
@@ -8,11 +8,11 @@ use dash_provider::client::job::FunctionActorJobClient;
 use dash_provider_api::SessionContextMetadata;
 use futures::TryFutureExt;
 use k8s_openapi::{
- api::core::v1::{Namespace, Node},
+ api::core::v1::{Namespace, Node, Pod},
 serde_json::Value,
 };
 use kube::{
- api::{Patch, PatchParams},
+ api::{DeleteParams, ListParams, Patch, PatchParams},
 Api, Client, Resource, ResourceExt,
 };
 use log::info;
@@ -118,11 +118,12 @@ impl SessionManager {
 .await
 }
- async fn delete(&self, spec: &SessionContextSpec<'_>) -> Result<()> {
+ pub async fn delete(&self, spec: &SessionContextSpec<'_>) -> Result<()> {
 let ctx: SessionContext = spec.into();
 self.label_namespace(&ctx, None)
 .and_then(|()| self.delete_template(&ctx))
+ .and_then(|()| self.delete_pods(&ctx))
 .and_then(|()| self.label_user(ctx.spec.node, ctx.spec.user_name, false))
 .and_then(|()| self.create_cleanup(&ctx))
 .and_then(|()| self.label_node(ctx.spec.node, None))
@@ -162,6 +163,19 @@ impl SessionManager {
 .map(|_| ())
 }
+ async fn delete_pods(&self, ctx: &SessionContext<'_>) -> Result<()> {
+ let api = Api::::namespaced(self.client.kube.clone(), &ctx.metadata.namespace);
+ let dp = DeleteParams::background();
+ let lp = ListParams {
+ label_selector: Some("name=desktop".into()),
+ ..Default::default()
+ };
+ api.delete_collection(&dp, &lp)
+ .await
+ .map(|_| ())
+ .map_err(Into::into)
+ }
+
 async fn create_cleanup(&self, ctx: &SessionContext<'_>) -> Result<()> {
 self.client
 .create_raw_named(Self::TEMPLATE_CLEANUP_FILENAME, ctx)
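Review bot: With `delete_pods` placed in the `and_then` chain of `delete` (hunk `@@ -118,11 +118,12 @@`), a failed pod deletion stops the logout before `label_user(.., false)`, `create_cleanup` and `label_node(.., None)` run, so the user and node labels may stay bound after a logout that returned an error. Now that `delete` is `pub` and is the logout path, that contract should be written on the method, for example `/// Tears down the session; stops at the first failing step, so callers should retry on error.`. If a half-torn-down session is not acceptable, the unlabel steps could run regardless of the pod deletion result and the first error be returned afterwards. The body of `delete` continues past the end of the hunk.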
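Review bot: The selector in `delete_pods` is only `name=desktop`, so `delete_collection` removes every pod carrying that label in `ctx.metadata.namespace`, not just the pod of the session being logged out. If one namespace can hold desktops for more than one node or user (the template's `desktop-{{ spec.node.metadata.name }}` path hints at that, but it is not shown here), one user's logout would also end the other sessions; adding `field_selector: Some(format!("spec.nodeName={}", ctx.spec.node.name_any())),` would scope the delete to this session, assuming `ctx.spec.node` is the `Node` and the session pod is pinned to it. The literal also has to stay in step with the label in the session template, which is presumably why this commit renames the cleanup job's label to `desktop-cleanup`; a constant such as `const SESSION_POD_SELECTOR: &str = "name=desktop";` with a comment naming the template would make that coupling visible. Because `DeleteParams::background()` returns before the pods are gone, a short comment noting that `create_cleanup` may start while the desktop pod is still terminating would also help.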