Project

Profile

Help

Issue #7443

pulp installer does not set ownership and permissions correctly because it cannot find apache user

Added by ipanova@redhat.com about 2 months ago. Updated 4 days ago.

Status:
NEW
Priority:
High
Assignee:
-
Category:
Installer
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 84
Quarter:

Description

Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133

TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]

After install finishes

$ stat /var/lib/pulp
  File: ‘/var/lib/pulp’
  Size: 184       	Blocks: 0          IO Block: 4096   directory
Device: fd01h/64769d	Inode: 5121737     Links: 9
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ vagrant)   Gid: ( 1001/    pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
 Birth: -


$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.


$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
drwxr-xr-x. 3 apache  apache    19 Sep  2 07:32 content
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244

History

#1 Updated by ipanova@redhat.com about 2 months ago

  • Description updated (diff)

#2 Updated by ipanova@redhat.com about 2 months ago

  • Description updated (diff)

#3 Updated by ipanova@redhat.com about 2 months ago

  • Description updated (diff)

#4 Updated by ipanova@redhat.com about 2 months ago

  • Description updated (diff)

#5 Updated by ipanova@redhat.com about 2 months ago

  • Description updated (diff)

#6 Updated by fao89 about 2 months ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 80

#7 Updated by rchan about 2 months ago

  • Sprint changed from Sprint 80 to Sprint 81

#8 Updated by rchan about 1 month ago

  • Sprint changed from Sprint 81 to Sprint 82

#9 Updated by fao89 about 1 month ago

  • Category set to Installer

#10 Updated by jsherril@redhat.com 29 days ago

  • Tags Katello added

#11 Updated by jsherril@redhat.com 29 days ago

  • Tags deleted (Katello)

#12 Updated by rchan 22 days ago

  • Sprint changed from Sprint 82 to Sprint 83

#13 Updated by rchan 9 days ago

  • Sprint changed from Sprint 83 to Sprint 84

#14 Updated by ipanova@redhat.com 4 days ago

  • Priority changed from Normal to High

I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.

Please register to edit this issue

Also available in: Atom PDF