Issue #7443: pulp installer does not set ownership and permissions correctly because it cannot find apache user - Pulp

Send by e-mail

Issue #7443

pulp installer does not set ownership and permissions correctly because it cannot find apache user

Added by ipanova@redhat.com 5 months ago. Updated 28 days ago.

Status:

NEW

Priority:

High

Assignee:

Category:

Installer

Sprint/Milestone:

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 88

Quarter:

Description

Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133

TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]

TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]

After install finishes

$ stat /var/lib/pulp
  File: ‘/var/lib/pulp’
  Size: 184       	Blocks: 0          IO Block: 4096   directory
Device: fd01h/64769d	Inode: 5121737     Links: 9
Access: (0775/drwxrwxr-x)  Uid: ( 1000/ vagrant)   Gid: ( 1001/    pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
 Birth: -


$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.


$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache  apache     2 Sep  1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant  103 Sep  1 19:30 assets
drwxr-xr-x. 3 apache  apache    19 Sep  2 07:32 content
-rw-r--r--. 1 root    root       0 Sep  1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache  pulp      73 Sep  1 19:18 published
drwxr-xr-x. 3 vagrant pulp      25 Sep  1 19:25 pulpcore_static
drwxrwxr-x. 2 apache  pulp      25 Sep  1 19:18 static
drwxrwxr-x. 7 vagrant pulp    4096 Sep  1 19:24 tmp
drwxrwxr-x. 2 apache  pulp       6 Jul 13 15:40 uploads

This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244

History

#1 Updated by ipanova@redhat.com 5 months ago

Description updated (diff)

#2 Updated by ipanova@redhat.com 5 months ago

Description updated (diff)

#3 Updated by ipanova@redhat.com 5 months ago

Description updated (diff)

#4 Updated by ipanova@redhat.com 5 months ago

Description updated (diff)

#5 Updated by ipanova@redhat.com 5 months ago

Description updated (diff)

#6 Updated by fao89 5 months ago

Triaged changed from No to Yes
Sprint set to Sprint 80

#7 Updated by rchan 4 months ago

Sprint changed from Sprint 80 to Sprint 81

#8 Updated by rchan 4 months ago

Sprint changed from Sprint 81 to Sprint 82

#9 Updated by fao89 4 months ago

Category set to Installer

#10 Updated by jsherril@redhat.com 4 months ago

Tags Katello added

#11 Updated by jsherril@redhat.com 4 months ago

Tags deleted (~~Katello~~)

#12 Updated by rchan 4 months ago

Sprint changed from Sprint 82 to Sprint 83

#13 Updated by rchan 3 months ago

Sprint changed from Sprint 83 to Sprint 84

#14 Updated by ipanova@redhat.com 3 months ago

Priority changed from Normal to High

I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.

#15 Updated by rchan 3 months ago

Sprint changed from Sprint 84 to Sprint 85

#16 Updated by rchan 2 months ago

Sprint changed from Sprint 85 to Sprint 86

#17 Updated by rchan about 1 month ago

Sprint changed from Sprint 86 to Sprint 87

#18 Updated by rchan 28 days ago

Sprint changed from Sprint 87 to Sprint 88

Please register to edit this issue