Issue #7443
open
pulp installer does not set ownership and permissions correctly because it cannot find apache user
Description
Some steps are skipped because user apache cannot be found and added to the pulp group https://github.com/pulp/pulp_installer/blob/master/roles/pulp_common/tasks/install.yml#L107-L133
TASK [pulp_common : Find the nologin executable] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure pulp group exists] *******************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create user vagrant] ***************************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to extra groups] **************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user vagrant to pulp group] ****************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Make sure /var/lib/pulp is world executable, and exists] ***
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Create cache dir for Pulp] *********************************
changed: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Check if we have Pulp 2 installed] *************************
ok: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set permissions on '/var/lib/pulp' if pulp2 is installed] ***
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Find subdirs without setgid] *******************************
skipping: [pulp2-nightly-pulp3-source-centos7]
TASK [pulp_common : Set setgid on the /var/lib/pulp subdirs] *******************
skipping: [pulp2-nightly-pulp3-source-centos7]
After install finishes
$ stat /var/lib/pulp
File: ‘/var/lib/pulp’
Size: 184 Blocks: 0 IO Block: 4096 directory
Device: fd01h/64769d Inode: 5121737 Links: 9
Access: (0775/drwxrwxr-x) Uid: ( 1000/ vagrant) Gid: ( 1001/ pulp)
Context: system_u:object_r:httpd_sys_rw_content_t:s0
Access: 2020-09-02 09:59:45.951659170 +0000
Modify: 2020-09-02 09:59:39.995633259 +0000
Change: 2020-09-02 09:59:39.995633259 +0000
Birth: -
$ ll /var/lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
There is no /var/lib/pulp/content because this is a fresh install. I have created and synced a pulp2 repo. Directory is created however it does not belong to the pulp group, in addition the setgid is missing and there is no write permission for the group.
$ ll /var//lib/pulp
total 8
-rw-r--r--. 1 apache apache 2 Sep 1 19:18 0005_puppet_module_name_change.txt
drwxrwxr-x. 7 vagrant vagrant 103 Sep 1 19:30 assets
drwxr-xr-x. 3 apache apache 19 Sep 2 07:32 content
-rw-r--r--. 1 root root 0 Sep 1 19:18 db_initialized.flag
drwxrwxr-x. 7 apache pulp 73 Sep 1 19:18 published
drwxr-xr-x. 3 vagrant pulp 25 Sep 1 19:25 pulpcore_static
drwxrwxr-x. 2 apache pulp 25 Sep 1 19:18 static
drwxrwxr-x. 7 vagrant pulp 4096 Sep 1 19:24 tmp
drwxrwxr-x. 2 apache pulp 6 Jul 13 15:40 uploads
This makes it impossible to create hard link during the migration https://pulp.plan.io/issues/7244
Updated by fao89 almost 3 years ago
- Triaged changed from No to Yes
- Sprint set to Sprint 80
Updated by fao89 over 2 years ago
- Category set to Installer - Moved to GitHub issues
Updated by ipanova@redhat.com over 2 years ago
- Priority changed from Normal to High
I am bumping the priority on this issue because it makes it non trivial to test whether the permissions are correctly set in pulp2 for the migration box. I needed to performs those skipped steps manually.
Updated by mdepaulo@redhat.com about 2 years ago
- Assignee set to mdepaulo@redhat.com
Hi @ipanova
What's happening here is that the name of this task is incorrect:
TASK [pulp_common : Add user 'apache' to 'pulp' group if it exists] ************
It actually adds it to the group only if Pulp 2 is already deployed.
We determine that Pulp 2 was already deployed by checking if the owner of /var/lib/pulp is "apache".
If this is incorrect logic (or logic that does not cover every use case by the migration plugin), let me know.
Updated by mdepaulo@redhat.com about 2 years ago
- Status changed from NEW to ASSIGNED
Updated by rchan almost 2 years ago
- Sprint changed from Sprint 99 to Sprint 100
Updated by rchan almost 2 years ago
- Sprint changed from Sprint 100 to Sprint 101
Updated by ipanova@redhat.com almost 2 years ago
- Sprint changed from Sprint 101 to Sprint 102
Updated by rchan almost 2 years ago
- Sprint changed from Sprint 102 to Sprint 103
Updated by rchan almost 2 years ago
- Sprint changed from Sprint 103 to Sprint 104
.