Univention Bugzilla – Full Text Bug Listing |
Summary: | univention-upgrade aborts in docker container because apt-get update fails to open a file | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Docker | Assignee: | Jürn Brodersen <brodersen> |
Status: | CLOSED FIXED | QA Contact: | Dirk Wiesenthal <wiesenthal> |
Severity: | normal | ||
Priority: | P5 | CC: | brodersen, damrose, hahn |
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.4-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://github.com/nginxinc/docker-nginx/blob/master/mainline/stretch/Dockerfile | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=49790 https://forge.univention.org/bugzilla/show_bug.cgi?id=48814 |
||
What kind of report is it?: | Bug Report | What type of bug is this?: | 6: Setup Problem: Issue for the setup process |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.309 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2019070321000792 | Bug group (optional): | |
Max CVSS v3 score: | |||
Bug Depends on: | 48698 | ||
Bug Blocks: | 49800 | ||
Attachments: | updater.log |
This works: apt-get -o "Acquire::GzipIndexes=false" update So, we need to adjust this parameter in /etc/apt/apt.conf.d/docker-gzip-indexes in the containers. This is in git/univention/internal/univention-docker-dev/scripts/create-minbase-image.sh and in git/ucs/container/univention-docker-container-mode/conffiles/etc/apt/apt.conf.d/docker-gzip-indexes rebuild the containers and upload them. May be the reason for Ticket#: 2019070321000792 , I adjusted the bug flags accordingly. apt uses the _apt user to gzip the package file. To gzip the package file, is the enabled in our docker images. In this case the local package cache which is created by usr/share/univention-system-setup/download-packages wasn't accessible by the _apt user. While the download of the package file falls back to use root, the gzip process doesn't seem to do this and throws an error. In our appliances it is not enabled to gzip the package file. That's why this doesn't throw an error there. [4.4-1 da597d9813] Bug #49799: Fix error in "apt update" [4.4-1 970e5fc65c] Bug #49799: yaml Package: univention-system-setup Version: 12.0.2-12A~4.4.0.201908071856 Branch: ucs_4.4-0 Scope: errata4.4-1 I will test the latest dvd tomorrow "apt-get update -o Acquire::GzipIndexes=true" now works without errors on the latest dvd after booting into appliance mode. A new appliance for testing is currently building: https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-1/view/Appliances/job/CreateUCSAppliance/ OK, system-setup creates the directory with the correct permissions. Reopen, please verify that the latest package version works as intended. At this bug, u-s-s 12.0.2-12 was built, but the current version is 12.0.2-14, which is not reflected in the YAML file Ok, annoying, that's due to Bug #48698. Fixed: 25ecd16f75c480c7b7401baf0d387343487fa51f Reopen: We have a system diagnostic check for the u-s-s cache directory, which shows a warning: File '/var/cache/univention-system-setup' has mode 711, 700 was expected. (In reply to Erik Damrose from comment #10) > Reopen: We have a system diagnostic check for the u-s-s cache directory, > which shows a warning: > > File '/var/cache/univention-system-setup' has mode 711, 700 was expected. Who ever fixes that, please look at <https://git.knut.univention.de/univention/ucs/commit/f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug #48814. Package: univention-management-console-module-diagnostic Version: 5.0.1-16A~4.4.0.201908191544 Branch: ucs_4.4-0 Scope: errata4.4-1 [4.4-1 420f6d2d54] Bug #49799: Fix file permission test for /var/cache/univention-system-setup (In reply to Philipp Hahn from comment #11) > (In reply to Erik Damrose from comment #10) > > Reopen: We have a system diagnostic check for the u-s-s cache directory, > > which shows a warning: > > > > File '/var/cache/univention-system-setup' has mode 711, 700 was expected. > > Who ever fixes that, please look at > <https://git.knut.univention.de/univention/ucs/commit/ > f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug > #48814. Sorry I think that needs its own bug OK: Package version OK: diagnostic |
Created attachment 10106 [details] updater.log Short story: In a docker container "apt-get update" fails with E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied) Long story: I pulled the docker container univention/ucs-master-amd64:4.3-2 and started univention-upgrade in it. There ist something strange with the versioning, so it first updated successfully from 4.3-0 errata157 to UCS 4.3-1 but after that it aborted during update to UCS 4.3-2, see attached log file: =========================================================================== root@master10:~# docker pull univention/ucs-master-amd64:4.3-2 root@master10:~# docker run -d --name master_container --hostname=master \ -e domainname=testdomain.intranet -e rootpwd=univention -p 8011:80 \ -e container=docker -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ --tmpfs /run --tmpfs /run/lock --cap-add=SYS_ADMIN \ --restart unless-stopped univention/ucs-master-amd64:4.3-2 /sbin/init root@master10:~# docker exec -it [...] /bin/bash root@master:/# univention-upgrade --ignoreterm --n </dev/null [...] Starting univention-upgrade. Current UCS version is 4.3-1 errata282 Checking for local repository: none Checking for package updates: none Checking for app updates: none Checking for release updates: found: UCS 4.3-2 Starting update to UCS version 4.3-2 at Thu Jul 4 17:24:07 2019... Starting update to UCS version 4.3-2 [...] Reading package lists... W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11 W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12 E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied) E: Some index files failed to download. They have been ignored, or old ones used instead. W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11 W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12 Error: Failed to execute "apt-get update" exitcode of univention-updater: 1 ERROR: update failed. Please check /var/log/univention/updater.log =========================================================================== Bug the file seems to be threre: =========================================================================== root@master:/# ls -l /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages lrwxrwxrwx 1 root root 54 Jul 4 17:24 /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages -> /var/cache/univention-system-setup/packages/./Packages root@master:/# ls -l /var/cache/univention-system-setup/packages/./Packages -rwx------ 1 root root 1812321 Jul 4 17:12 /var/cache/univention-system-setup/packages/./Packages ===========================================================================