Project

Profile

Help

Send by e-mail

Issue #7443

pulp installer does not set ownership and permissions correctly because it cannot find apache user

Added by ipanova@redhat.com 11 months ago. Updated 12 days ago.

Status:
ASSIGNED
Priority:
High
Assignee:
mdepaulo@redhat.com
Category:
Installer
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 101
Quarter:

Description

Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133

TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]

After install finishes

$ stat /var/lib/pulp
  File: ‘/var/lib/pulp’
  Size: 184       	Blocks: 0          IO Block: 4096   directory
Device: fd01h/64769d	Inode: 5121737     Links: 9
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ vagrant)   Gid: ( 1001/    pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
 Birth: -


$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.


$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
drwxr-xr-x. 3 apache  apache    19 Sep  2 07:32 content
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244

History

#1 Updated by ipanova@redhat.com 11 months ago

  • Description updated (diff)

#2 Updated by ipanova@redhat.com 11 months ago

  • Description updated (diff)

#3 Updated by ipanova@redhat.com 11 months ago

  • Description updated (diff)

#4 Updated by ipanova@redhat.com 11 months ago

  • Description updated (diff)

#5 Updated by ipanova@redhat.com 11 months ago

  • Description updated (diff)

#6 Updated by fao89 11 months ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 80

#7 Updated by rchan 11 months ago

  • Sprint changed from Sprint 80 to Sprint 81

#8 Updated by rchan 10 months ago

  • Sprint changed from Sprint 81 to Sprint 82

#9 Updated by fao89 10 months ago

  • Category set to Installer

#10 Updated by jsherril@redhat.com 10 months ago

  • Tags Katello added

#11 Updated by jsherril@redhat.com 10 months ago

  • Tags deleted (Katello)

#12 Updated by rchan 10 months ago

  • Sprint changed from Sprint 82 to Sprint 83

#13 Updated by rchan 9 months ago

  • Sprint changed from Sprint 83 to Sprint 84

#14 Updated by ipanova@redhat.com 9 months ago

  • Priority changed from Normal to High

I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.

#15 Updated by rchan 9 months ago

  • Sprint changed from Sprint 84 to Sprint 85

#16 Updated by rchan 9 months ago

  • Sprint changed from Sprint 85 to Sprint 86

#17 Updated by rchan 8 months ago

  • Sprint changed from Sprint 86 to Sprint 87

#18 Updated by rchan 7 months ago

  • Sprint changed from Sprint 87 to Sprint 88

#19 Updated by rchan 6 months ago

  • Sprint changed from Sprint 88 to Sprint 89

#20 Updated by rchan 6 months ago

  • Sprint changed from Sprint 89 to Sprint 90

#21 Updated by rchan 5 months ago

  • Sprint changed from Sprint 90 to Sprint 91

#22 Updated by rchan 5 months ago

  • Sprint changed from Sprint 91 to Sprint 92

#23 Updated by rchan 4 months ago

  • Sprint changed from Sprint 92 to Sprint 93

#24 Updated by rchan 4 months ago

  • Sprint changed from Sprint 93 to Sprint 94

#25 Updated by mdepaulo@redhat.com 4 months ago

  • Assignee set to mdepaulo@redhat.com

Hi @ipanova

What's happening here is that the name of this task is incorrect:

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************

It actually adds it to the group only if Pulp 2 is already deployed.

We determine that Pulp 2 was already deployed by checking if the owner of /var/lib/pulp is "apache".

If this is incorrect logic (or logic that does not cover every use case by the migration plugin), let me know.

#26 Updated by mdepaulo@redhat.com 4 months ago

  • Status changed from NEW to ASSIGNED

#27 Updated by rchan 3 months ago

  • Sprint changed from Sprint 94 to Sprint 95

#28 Updated by rchan 3 months ago

  • Sprint changed from Sprint 95 to Sprint 96

#29 Updated by rchan 2 months ago

  • Sprint changed from Sprint 96 to Sprint 97

#30 Updated by rchan about 2 months ago

  • Sprint changed from Sprint 97 to Sprint 98

#31 Updated by rchan about 1 month ago

  • Sprint changed from Sprint 98 to Sprint 99

#32 Updated by rchan 25 days ago

  • Sprint changed from Sprint 99 to Sprint 100

#33 Updated by rchan 12 days ago

  • Sprint changed from Sprint 100 to Sprint 101

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF