First Last Prev Next    This bug is not in your last search results.
Bug 49543 - error handling for "copy /etc/machine.secret into container"
error handling for "copy /etc/machine.secret into container"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-0-errata
Assigned To: Felix Botner
Dirk Wiesenthal
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-24 11:12 CEST by Felix Botner
Modified: 2019-06-05 15:56 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2019-05-24 11:12:43 CEST 
_start_docker_image writes the /etc/machine.secret into the container overlay path. If that fails the installation process stops and leaves the app in an undefiend state (neither remove nor re-install is possible now).

We should not break at this point, but add error handling or ignore the error.
Comment 1 Felix Botner univentionstaff 2019-05-24 11:21:49 CEST 
> app in an undefiend state (neither remove nor re-install is possible now).
This is not true, the app is de-installed.

Better error handling would be good anyway.
Comment 2 Felix Botner univentionstaff 2019-05-24 11:29:26 CEST 
6ca5659aa3d0e6a77230210c40c3972ce5f239e2 - univention-appcenter
0fc2d0ae57aedac9fba31b701652e63a8c59d751 - yaml
Comment 3 Dirk Wiesenthal univentionstaff 2019-05-28 23:37:24 CEST 
OK, in my tests the error message is more or less doubled, but maybe in "real world errors"... better safe than sorry.
Comment 4 Felix Botner univentionstaff 2019-05-29 12:36:44 CEST 
This breaks the openid-connect-provider App. This app starts the container read-only and now the docker-cp fails.
Comment 5 Felix Botner univentionstaff 2019-05-29 14:52:14 CEST 
ok, back to creating the file in the overlay directory, if that fails raise DockerCouldNotStartContainer instead of the original exception-
Comment 6 Nico Gulden univentionstaff 2019-06-04 11:44:26 CEST 
Does the error also add some value to the DockerCouldNotStartContainer error? It would be good to get additional feedback like for example "Failed to write /etc/machine.secret to container".
Comment 7 Felix Botner univentionstaff 2019-06-04 11:49:03 CEST 
(In reply to Nico Gulden from comment #6)
> Does the error also add some value to the DockerCouldNotStartContainer
> error? It would be good to get additional feedback like for example "Failed
> to write /etc/machine.secret to container".

yes, in case the creation of the machine.secret fails, DockerCouldNotStartContainer is raised with a message containing the exception and docker.logs from the container.
Comment 8 Dirk Wiesenthal univentionstaff 2019-06-05 10:33:57 CEST 
OK, works
Comment 9 Erik Damrose univentionstaff 2019-06-05 15:56:00 CEST 
<http://errata.software-univention.de/ucs/4.4/141.html>
First Last Prev Next    This bug is not in your last search results.