Bug 50200 - change group for prometheus data dir in 4.4-2 postup.sh
change group for prometheus data dir in 4.4-2 postup.sh
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-2
Assigned To: Dirk Wiesenthal
Johannes Keiser
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-17 10:37 CEST by Felix Botner
Modified: 2019-10-29 10:53 CET (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2019-09-17 10:37:55 CEST
The new docker version in 4.4-2 breaks the prometheus app. You can't change into the container as root 

exec -u root -it c1ad76a178ab3bb9234da0a8cc9dd3023fef73114c251f8b8cced7604c2e7678 /bin/sh
OCI runtime exec failed: exec failed: container_linux.go:345: starting container process caused "chdir to cwd ("/prometheus") set in config.json failed: permission denied": unknown

because root has no permissions for the default working dir (seems that docker root != root), we need to explicitly allow "root" to access the working dir
 

chgrp 0 var/lib/univention-appcenter/apps/prometheus/data/ 

in 4.4-2 preup.sh
Comment 1 Dirk Wiesenthal univentionstaff 2019-09-20 11:49:45 CEST
Fixed in
  univention-updater 14.0.0-23A~4.4.0.201909191819

To test:
Setup plain UCS 4.4-1
  * No Test App Center
  * No unpublished errata Updates
  * No unmaintained repository

Install Prometheus
  univention-app install admin-dashboard

Verify that
  univention-app shell prometheus
works

Verify that
  ls -l /var/lib/univention-appcenter/apps/prometheus/data/
shows nobody / nogroup

Update to UCS 4.4-2
  ucr set repository/online/server=updates-test.software-univention.de
  univention-upgrade

Verify that the new Docker version is installed and running (reboot if you want to be sure)

Verify that
  univention-app shell prometheus
still works

Verify that
  ls -l /var/lib/univention-appcenter/apps/prometheus/data/
shows nobody / root
Comment 2 Johannes Keiser univentionstaff 2019-09-23 12:44:44 CEST
OK: docs
OK: update/reboot/required=true
OK: root group / univention-app shell
OK: prmetheus and dashboard runs after reboot
-> verified
Comment 3 Erik Damrose univentionstaff 2019-10-29 10:53:56 CET
UCS 4.4-2 has been released.