Univention Bugzilla – Full Text Bug Listing |
Summary: | Installing docker apps with read-only apt proxy config file fails if proxy is configured | ||
---|---|---|---|
Product: | UCS | Reporter: | Valentin Heidelberger <heidelberger> |
Component: | App Center | Assignee: | Christian Castens <castens> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | botner, grandjean, gulden, michelsmidt, requate, steuwer |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=51031 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.086 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Valentin Heidelberger
2020-03-27 18:01:36 CET
The error from listener.log from inside the container: Configure 20univention-directory-policy.inst Fri Mar 27 17:47:29 CET 2020 2020-03-27 17:47:29.788773692+01:00 (in joinscript_init) Create directory/manager/samba3/legacy Create proxy/http Create proxy/https File: /etc/apt/apt.conf.d/80proxy Traceback (most recent call last): File "/usr/lib/univention-directory-policy/univention-policy-update-config-registry", line 146, in <module> main() File "/usr/lib/univention-directory-policy/univention-policy-update-config-registry", line 131, in main confreg.handler_set(new_set_list, {'ldap-policy': True}) File "/usr/lib/pymodules/python2.7/univention/config_registry/frontend.py", line 163, in handler_set None if quiet else 'W: %s is overridden by scope "%s"') File "/usr/lib/pymodules/python2.7/univention/config_registry/frontend.py", line 204, in _run_changed handlers(changed.keys(), (ucr, changed)) File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 854, in __call__ handler(arg) File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 432, in __call__ with open(self.to_file, 'w+') as fd: IOError: [Errno 30] Read-only file system: '/etc/apt/apt.conf.d/80proxy' run-parts: /usr/lib/univention-directory-policy/univention-policy-update-config-registry exited with return code 1 mhm, can we merge this with Bug #51031 ? In the end both need to be fixed to have proper proxy configuration in docker apps, right? (In reply to Ingo Steuwer from comment #2) > mhm, can we merge this with Bug #51031 ? In the end both need to be fixed to > have proper proxy configuration in docker apps, right? Maybe but I'm hesitant since they describe different problems. A Ticket-Number is required to qualify a Bug as "School Customer Affected". I've pushed this Bug into the appcenter Taiga Backlog. (In reply to Valentin Heidelberger from comment #0) > When installing a docker app based on UCS, the app gets the proxy settings > configured via UCR. > > During univention-join, which is triggered in the app's installation, > 20univention-directory-policy.inst tries to write these settings to > /etc/apt/apt.conf.d/80proxy - this fails at least in the itslearning app > because that file is read-only. I assume because it's mounted from the host > system but didn't have time to confirm that. What is the context of the files mentioned here? Inside the app's Docker container or on the UCS system? From Comment 1 I assume the problem occurs inside the running Docker container. Furthermore, I assume it is an Appbox based Docker container with UCS. Did you observe the problem with other apps than itslearning, as well? (In reply to Nico Gulden from comment #6) > From Comment 1 I assume the problem occurs inside the running Docker > container. Furthermore, I assume it is an Appbox based Docker container with > UCS. > > Did you observe the problem with other apps than itslearning, as well? Yes it happens inside an UCS based container. I didn't observe it with other apps so far. Reason for the traceback is that the App Center mounts /etc/apt/apt.conf.d/80proxy as read-only from the UCS host system to the container. The listener in the UCS based container tries to write that read-only file and fails with the observed traceback. On possible solution could be that the App Center mounts the file to a different name so that the listener inside the container does not clash anymore with that file. This change would require an errata update. Changed the effect of the bug to 1, since it has only been observed together with itslearning. Merged and built in 4.4-4 Successful build Package: univention-appcenter Version: 8.0.11-132A~4.4.0.202005041147 Branch: ucs_4.4-0 Scope: errata4.4-4 commit 988492d96ff490262df770b0618b7ba33930b38d commit 5e070b4190f15c32f676daa110e36fcc05948bc4 OK - /etc/apt/apt.conf.d/81proxy is used in the container now OK - yaml ls -la /etc/apt/apt.conf.d/8* -rw-r--r-- 1 root root 593 May 4 12:27 /etc/apt/apt.conf.d/80proxy -rw-r--r-- 1 root root 593 May 4 12:17 /etc/apt/apt.conf.d/81proxy and the join works |