Issue #7443
openpulp installer does not set ownership and permissions correctly because it cannot find apache user
Description
Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133
TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]
After install finishes
$ stat /var/lib/pulp
File: ‘/var/lib/pulp’
Size: 184 Blocks: 0 IO Block: 4096 directory
Device: fd01h/64769d Inode: 5121737 Links: 9
Access: (0775/drwxrwxr-x) Uid: ( 1000/ vagrant) Gid: ( 1001/ pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
Birth: -
$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.
$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
drwxr-xr-x. 3 apache apache 19 Sep 2 07:32 content
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244
Updated by fao89 over 4 years ago
- Triaged changed from No to Yes
- Sprint set to Sprint 80
Updated by fao89 about 4 years ago
- Category set to Installer - Moved to GitHub issues
Updated by ipanova@redhat.com about 4 years ago
- Priority changed from Normal to High
I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.
Updated by mdepaulo@redhat.com over 3 years ago
- Assignee set to mdepaulo@redhat.com
Hi @ipanova
What's happening here is that the name of this task is incorrect:
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
It actually adds it to the group only if Pulp 2 is already deployed.
We determine that Pulp 2 was already deployed by checking if the owner of /var/lib/pulp is "apache".
If this is incorrect logic (or logic that does not cover every use case by the migration plugin), let me know.
Updated by mdepaulo@redhat.com over 3 years ago
- Status changed from NEW to ASSIGNED
Updated by ipanova@redhat.com over 3 years ago
- Sprint changed from Sprint 101 to Sprint 102
Updated by rchan about 3 years ago
- Sprint changed from Sprint 105 to Sprint 106
Updated by rchan about 3 years ago
- Sprint changed from Sprint 106 to Sprint 107
Updated by rchan about 3 years ago
- Sprint changed from Sprint 107 to Sprint 108
Updated by rchan about 3 years ago
- Sprint changed from Sprint 108 to Sprint 109
Updated by rchan about 3 years ago
- Sprint changed from Sprint 109 to Sprint 110
Updated by rchan about 3 years ago
- Sprint changed from Sprint 110 to Sprint 111
Updated by rchan almost 3 years ago
- Sprint changed from Sprint 111 to Sprint 112