Fix cluster directory being created with root ownership

[chrisdoherty4]

On occasion we find the cluster directory created by EKS-A is created with root ownership.

When hostpaths used for bind mounting in Docker don't exist at the time the container is created, dockerd creates the directory. dockerd runs as root on most systems hence the directory is created with root ownership.

This ensures the directory exists before we attempt to launch the tools container that bind mounts the cluster directory.

---

The docker command was demonstrated to be executing before the directory is created through an strace.

3195314 21:24:01.454557 execve("/usr/bin/docker", ["docker", "run", "-d", "--name", "eksa_1715203440722790952", "--network", "host", "-w", "/home/chrisdoherty", "-v", "/var/run/docker.sock:/var/run/do"..., "-v", "/home/chrisdoherty:/home/chrisdo"..., "-v", "/home/chrisdoherty:/home/chrisdo"..., "--entrypoint", "sleep", "public.ecr.aws/l0g8r8j6/eks-anyw"..., "infinity"], 0xc000ab2000 /* 32 vars */) = 0
...
3195265 21:24:01.715948 mkdirat(AT_FDCWD, "persistent-mgmt", 0777) = 0
3195265 21:24:01.716067 mkdirat(AT_FDCWD, "persistent-mgmt/generated", 0777) = 0

An analysis of stracing the docker daemon with timestamps suggested on successful runs that the timing was extremely close and on failed runs the container launched first, hence dockerd created the host path with root ownership.

The fix inverts the syscalls removing any race.

18416 21:51:24.197012 mkdirat(AT_FDCWD, "persistent-mgmt", 0777) = 0
18416 21:51:24.197097 mkdirat(AT_FDCWD, "persistent-mgmt/generated", 0777) = 0
...
18470 21:51:24.388620 execve("/usr/bin/docker", ["docker", "run", "-d", "--name", "eksa_1715205084197278143", "--network", "host", "-w", "/home/eksadmin", "-v", "/var/run/docker.sock:/var/run/do"..., "-v", "/home/eksadmin/persistent-mgmt:/"..., "-v", "/home/eksadmin:/home/eksadmin", "-v", "/home/eksadmin:/home/eksadmin", "--entrypoint", "sleep", "public.ecr.aws/l0g8r8j6/eks-anyw"..., "infinity"], 0xc000ab2120 /* 34 vars */) = 0

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.40%. Comparing base (713026d) to head (65139db).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8120   +/-   ##
=======================================
  Coverage   73.40%   73.40%           
=======================================
  Files         577      577           
  Lines       35899    35900    +1     
=======================================
+ Hits        26351    26352    +1     
  Misses       7882     7882           
  Partials     1666     1666           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[chrisdoherty4]

/cherry-pick release-0.19

[eks-distro-pr-bot]

@chrisdoherty4: once the present PR merges, I will cherry-pick it on top of release-0.19 in a new PR and assign it to you.

In response to this:

/cherry-pick release-0.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[d8660091]

/lgtm

[chrisdoherty4]

/approve

[eks-distro-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrisdoherty4

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [chrisdoherty4]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[eks-distro-pr-bot]

@chrisdoherty4: new pull request created: #8121

In response to this:

/cherry-pick release-0.19

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.