Bug 43823 - Docker Apps: store /etc/machine.secret during image update
Docker Apps: store /etc/machine.secret during image update
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Felix Botner
Dirk Wiesenthal
Depends on:
Blocks: 45290 45565
  Show dependency treegraph
Reported: 2017-03-13 11:58 CET by Felix Botner
Modified: 2017-10-19 10:51 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2017011221000324
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2017-03-13 11:58:29 CET
At least for non appbox images we need to store the /ect/machine.secret (password for the docker container host object) before an image update and restore the file after the update.
Comment 1 Felix Botner univentionstaff 2017-03-13 12:00:48 CET
It can be done with the "store_data" and "restore_data_before_setup" app life cycle scripts, but i think this should be done by the appcenter.
Comment 2 Eduard Mai univentionstaff 2017-08-10 13:49:53 CEST
Package: univention-appcenter
Version: 6.0.8-20A~
Branch: ucs_4.2-0

univention-appcenter (6.0.8-20):
r81987 | Bug #43823: yaml
r81984 | Bug #43823: don't use a new machine secret on container upgrades
Comment 3 Eduard Mai univentionstaff 2017-08-11 12:21:14 CEST
Reverted with r81994 due to conflicting errata. Recommitted with r82054.
Comment 4 Eduard Mai univentionstaff 2017-08-11 12:23:38 CEST
(In reply to Eduard Mai from comment #3)
> Reverted with r81994 due to conflicting errata. Recommitted with r82054.

As discussed, slightly changed: docker_cp() to docker.cp_from_container()
Comment 5 Dirk Wiesenthal univentionstaff 2017-08-28 12:52:58 CEST
I am getting

'Register' object has no attribute '_get_docker'
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/__init__.py", line 245, in call_with_namespace
    result = self.main(namespace)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 82, in main
    self._register_host_for_apps(apps, args) 
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 249, in _register_host_for_apps
    self._register_host(app, args) 
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 262, in _register_host
    docker = self._get_docker(self.old_app)
AttributeError: 'Register' object has no attribute '_get_docker'

_get_docker is defined in DockerActionMixin (python/appcenter-docker/actions/docker_base.py).

Better do a manual
  from univention.appcenter.docker import Docker
  docker = Docker(app, self.logger)

Catch ImportError, though, univention-appcenter-docker might not be installed
Comment 6 Felix Botner univentionstaff 2017-08-29 15:30:52 CEST
moved docker cp machine.secret to docker_upgrade.py._upgrade_image()
univention-appcenter r82518 errata4.2-1
Comment 7 Dirk Wiesenthal univentionstaff 2017-08-30 10:22:33 CEST
Works fine
Comment 8 Arvid Requate univentionstaff 2017-09-06 17:10:10 CEST