Issue #7443: pulp installer does not set ownership and permissions correctly because it cannot find apache user - Pulp

Send by e-mail

Issue #7443

pulp installer does not set ownership and permissions correctly because it cannot find apache user

Added by ipanova@redhat.com about 1 year ago. Updated about 4 hours ago.

Status:

ASSIGNED

Priority:

High

Assignee:

mdepaulo@redhat.com

Category:

Installer - Moved to GitHub issues

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 108

Quarter:

Description

Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133

TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]

After install finishes

$ stat /var/lib/pulp
  File: ‘/var/lib/pulp’
  Size: 184       	Blocks: 0          IO Block: 4096   directory
Device: fd01h/64769d	Inode: 5121737     Links: 9
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ vagrant)   Gid: ( 1001/    pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
 Birth: -


$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.


$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
drwxr-xr-x. 3 apache  apache    19 Sep  2 07:32 content
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244

History

#1 Updated by ipanova@redhat.com about 1 year ago

Description updated (diff)

#2 Updated by ipanova@redhat.com about 1 year ago

Description updated (diff)

#3 Updated by ipanova@redhat.com about 1 year ago

Description updated (diff)

#4 Updated by ipanova@redhat.com about 1 year ago

Description updated (diff)

#5 Updated by ipanova@redhat.com about 1 year ago

Description updated (diff)

#6 Updated by fao89 about 1 year ago

Triaged changed from No to Yes
Sprint set to Sprint 80

#7 Updated by rchan about 1 year ago

Sprint changed from Sprint 80 to Sprint 81

#8 Updated by rchan about 1 year ago

Sprint changed from Sprint 81 to Sprint 82

#9 Updated by fao89 about 1 year ago

Category set to Installer - Moved to GitHub issues

#10 Updated by jsherril@redhat.com about 1 year ago

Tags Katello added

#11 Updated by jsherril@redhat.com about 1 year ago

Tags deleted (~~Katello~~)

#12 Updated by rchan about 1 year ago

Sprint changed from Sprint 82 to Sprint 83

#13 Updated by rchan about 1 year ago

Sprint changed from Sprint 83 to Sprint 84

#14 Updated by ipanova@redhat.com about 1 year ago

Priority changed from Normal to High

I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.

#15 Updated by rchan 12 months ago

Sprint changed from Sprint 84 to Sprint 85

#16 Updated by rchan 11 months ago

Sprint changed from Sprint 85 to Sprint 86

#17 Updated by rchan 11 months ago

Sprint changed from Sprint 86 to Sprint 87

#18 Updated by rchan 10 months ago

Sprint changed from Sprint 87 to Sprint 88

#19 Updated by rchan 9 months ago

Sprint changed from Sprint 88 to Sprint 89

#20 Updated by rchan 9 months ago

Sprint changed from Sprint 89 to Sprint 90

#21 Updated by rchan 8 months ago

Sprint changed from Sprint 90 to Sprint 91

#22 Updated by rchan 8 months ago

Sprint changed from Sprint 91 to Sprint 92

#23 Updated by rchan 7 months ago

Sprint changed from Sprint 92 to Sprint 93

#24 Updated by rchan 7 months ago

Sprint changed from Sprint 93 to Sprint 94

#25 Updated by mdepaulo@redhat.com 6 months ago

Assignee set to mdepaulo@redhat.com

Hi @ipanova

What's happening here is that the name of this task is incorrect:

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************

It actually adds it to the group only if Pulp 2 is already deployed.

We determine that Pulp 2 was already deployed by checking if the owner of /var/lib/pulp is "apache".

If this is incorrect logic (or logic that does not cover every use case by the migration plugin), let me know.

#26 Updated by mdepaulo@redhat.com 6 months ago

Status changed from NEW to ASSIGNED

#27 Updated by rchan 6 months ago

Sprint changed from Sprint 94 to Sprint 95

#28 Updated by rchan 6 months ago

Sprint changed from Sprint 95 to Sprint 96

#29 Updated by rchan 5 months ago

Sprint changed from Sprint 96 to Sprint 97

#30 Updated by rchan 5 months ago

Sprint changed from Sprint 97 to Sprint 98

#31 Updated by rchan 4 months ago

Sprint changed from Sprint 98 to Sprint 99

#32 Updated by rchan 4 months ago

Sprint changed from Sprint 99 to Sprint 100

#33 Updated by rchan 3 months ago

Sprint changed from Sprint 100 to Sprint 101

#34 Updated by ipanova@redhat.com 3 months ago

Sprint changed from Sprint 101 to Sprint 102

#35 Updated by rchan 2 months ago

Sprint changed from Sprint 102 to Sprint 103

#36 Updated by rchan about 2 months ago

Sprint changed from Sprint 103 to Sprint 104

#37 Updated by rchan about 1 month ago

Sprint changed from Sprint 104 to Sprint 105

#38 Updated by rchan 28 days ago

Sprint changed from Sprint 105 to Sprint 106

#39 Updated by rchan 13 days ago

Sprint changed from Sprint 106 to Sprint 107

#40 Updated by rchan about 4 hours ago

Sprint changed from Sprint 107 to Sprint 108

Please register to edit this issue