First Last Prev Next    This bug is not in your last search results.
Bug 53031 - hooks-available functionality for Kelvin Hooks
hooks-available functionality for Kelvin Hooks
Status: REOPENED
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
UCS@school 4.4
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: UCS@school maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-06 15:24 CEST by Jan-Luca Kiok
Modified: 2021-05-21 13:40 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Workaround is available
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan-Luca Kiok univentionstaff 2021-04-06 15:24:42 CEST 
Currently hooks for the Kelvin API are only executed if copied to the directory "/var/lib/ucs-school-import/kelvin-hooks" because the container cannot resolve symlinks. In case of hooks like "create_new_ox_contexts_kelvin.py" which are part of UCS@School (via package "ucs-school-import" in this case), one has to manually watch for updates and copy the hook over again.
It would be nice to have a generic kelvin-hook available directory mounted to the container in which hooks for kelvin are stored and can be linked to from "/var/lib/ucs-school-import/kelvin-hooks" as it is the case with "/usr/share/ucs-school-import/pyhooks-available" and "/usr/share/ucs-school-import/pyhooks".
Comment 1 Daniel Tröder univentionstaff 2021-04-09 11:10:52 CEST 
* Docker containers can resolve symlinks.
* /var/lib/ucs-school-import/kelvin-hooks is mounted into the container.
* A current version of /usr/share/ucs-school-import/ is available in the container - not mounted, though.

Docker bind mounts:
-------------------------------------------------------------------------
root@m20:~# docker inspect --format='{{.HostConfig.Binds}}' "$(ucr get appcenter/apps/ucsschool-kelvin-rest-api/container)"

[
  /sys/fs/cgroup:/sys/fs/cgroup:ro
  /var/lib/univention-appcenter/apps/ucsschool-kelvin-rest-api/data:/var/lib/univention-appcenter/apps/ucsschool-kelvin-rest-api/data
  /var/log/univention/ucsschool-kelvin-rest-api:/var/log/univention/ucsschool-kelvin-rest-api
  /var/lib/univention-appcenter/apps/ucsschool-kelvin-rest-api/conf:/var/lib/univention-appcenter/apps/ucsschool-kelvin-rest-api/conf
  /etc/apt/apt.conf.d/80proxy:/etc/apt/apt.conf.d/81proxy:ro
  /var/lib/ucs-school-import/configs:/var/lib/ucs-school-import/configs
  /var/lib/ucs-school-import/kelvin-hooks:/var/lib/ucs-school-import/kelvin-hooks
]
-------------------------------------------------------------------------

A symlink created in the host works, if the file exists in the container:

-------------------------------------------------------------------------
root@m20:~# ln -s /usr/share/ucs-school-import/pyhooks-available/create_new_ox_contexts_kelvin.py /var/lib/ucs-school-import/kelvin-hooks

root@m20:~# univention-app shell ucsschool-kelvin-rest-api

/kelvin # ls -l /var/lib/ucs-school-import/kelvin-hooks/
total 12
-rw-r--r--    1 root     root          2012 Feb 18 13:09 README.txt
drwxr-xr-x    2 root     root          4096 Apr  2 05:02 __pycache__
lrwxrwxrwx    1 root     root            79 Apr  2 05:02 create_new_ox_contexts_kelvin.py -> /usr/share/ucs-school-import/pyhooks-available/create_new_ox_contexts_kelvin.py

/kelvin # /etc/init.d/ucsschool-kelvin-rest-api restart

# PATCH a user

/kelvin # grep CreateNewContexts /var/log/univention/ucsschool-kelvin-rest-api/http.log
2021-04-02 05:06:42 INFO  pyhooks_loader.get_hook_classes:138  Found hook classes: CreateNewContexts
2021-04-02 05:06:42 INFO  pyhooks_loader.get_hook_objects:183  Loaded hooks: {'pre_create': ['CreateNewContexts._check_context'], 'pre_modify': ['CreateNewContexts._check_context']}.
2021-04-02 05:06:42 DEBUG import_user.call_hooks:252  Running pre_modify hook CreateNewContexts._check_context for ImportStaff(name='demo_staff', school='DEMOSCHOOL', dn='uid=demo_staff,cn=mitarbeiter,cn=users,ou=DEMOSCHOOL,dc=uni,dc=dtr')...
-------------------------------------------------------------------------

So it works.

In case a hook has not yet been delivered with the Kelvin App, but is available in the host, you can copy it from the host into the container like this:

-------------------------------------------------------------------------
CONTAINER="$(docker ps | grep ucsschool-kelvin-rest-api | awk '{print $NF}')"
docker cp /u/s/u/pyhooks-available/example.py "$CONTAINER:/usr/share/ucs-school-import/pyhooks-available/"
-------------------------------------------------------------------------
the you can use "ln -s" in the host or the container as before.
Comment 2 Dirk Ahrnke univentionstaff 2021-04-12 13:32:08 CEST 
The solution provided by copying manually hooks contained the package "ucs-school-import" may be considered as a workaround. In case there are updates for those hooks one would have to copy them again.

This issue was created as a feature request and I still see it as valid. 
As it does not make much sense to install Kelvin-Hooks to a system which would never run them directly I'd suggest rather to put them into the container, e.g. by keeping the directory /usr/share/ucs-school-import/pyhooks-available in sync with the one on the host itself, where it is maintained by the ucs-school-import package
Comment 3 Daniel Tröder univentionstaff 2021-04-13 08:00:37 CEST 
Yes, I also think a bind mounted directory is better. It is easier to maintain and more transparent to the user.

Would you prefer a separate directory (in both the host and the Docker container) for hooks for Kelvin? I think in the future it will become confusing to see them together in the same directory as the one for the import. My suggestion would be /usr/share/ucs-school-import/pyhooks-kelvin-available.
Comment 4 Jan-Luca Kiok univentionstaff 2021-04-13 09:15:53 CEST 
A separate directory like /usr/share/ucs-school-import/pyhooks-kelvin-available sounds great, indeed this was what I had in mind when opening this feature request.
My only question is if you think there could be kelvin hooks apart from the import in the future so that "ucs-school-import" would be misleading? But I guess as long as the whole config resides in /var/lib/ucs-school-import there is no need to change this for now.
Comment 5 Daniel Tröder univentionstaff 2021-04-13 09:33:13 CEST 
Ah yes… there are more than a few files in that package that should be in others… In Debian it is bit tricky to move files between packages…
First Last Prev Next    This bug is not in your last search results.