Bug 49799 - univention-upgrade aborts in docker container because apt-get update fails to open a file
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Docker
UCS 4.3
Other Linux
: P5 normal
: UCS 4.4-1-errata
Assigned To: Jürn Brodersen
Dirk Wiesenthal
https://github.com/nginxinc/docker-ng...
Depends on: 48698
Blocks: 49800
Reported: 2019-07-04 20:03 CEST by Arvid Requate
Modified: 2019-08-22 15:30 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.309
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019070321000792
Bug group (optional):
Max CVSS v3 score:


Attachments
updater.log (144.41 KB, text/x-log)
2019-07-04 20:03 CEST, Arvid Requate
Description Arvid Requate univentionstaff 2019-07-04 20:03:28 CEST
Created attachment 10106
updater.log

Short story: In a docker container "apt-get update" fails with

E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages  Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied)


Long story: I pulled the docker container univention/ucs-master-amd64:4.3-2 and started univention-upgrade in it. There is something strange with the versioning, so it first updated successfully from 4.3-0 errata157 to UCS 4.3-1, but after that it aborted during the update to UCS 4.3-2, see attached log file:

===========================================================================
root@master10:~# docker pull univention/ucs-master-amd64:4.3-2
root@master10:~# docker run -d --name master_container --hostname=master  \
  -e domainname=testdomain.intranet     -e rootpwd=univention -p 8011:80  \
  -e container=docker     -v /sys/fs/cgroup:/sys/fs/cgroup:ro   \
  --tmpfs /run --tmpfs /run/lock     --cap-add=SYS_ADMIN  \
  --restart unless-stopped     univention/ucs-master-amd64:4.3-2 /sbin/init

root@master10:~# docker exec -it [...] /bin/bash

root@master:/# univention-upgrade --ignoreterm --n </dev/null
[...]
Starting univention-upgrade. Current UCS version is 4.3-1 errata282

Checking for local repository:                          none
Checking for package updates:                           none
Checking for app updates:                               none
Checking for release updates:                           found: UCS 4.3-2
Starting update to UCS version 4.3-2 at Thu Jul  4 17:24:07 2019...
Starting update to UCS version 4.3-2
[...]
Reading package lists...
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages  Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied)
E: Some index files failed to download. They have been ignored, or old ones used instead.
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11
W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12
Error: Failed to execute "apt-get update"
exitcode of univention-updater: 1
ERROR: update failed. Please check /var/log/univention/updater.log
===========================================================================

But the file seems to be there:

===========================================================================
root@master:/# ls -l /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages
lrwxrwxrwx 1 root root 54 Jul  4 17:24 /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages -> /var/cache/univention-system-setup/packages/./Packages

root@master:/# ls -l /var/cache/univention-system-setup/packages/./Packages
-rwx------ 1 root root 1812321 Jul  4 17:12 /var/cache/univention-system-setup/packages/./Packages
===========================================================================
Comment 1 Arvid Requate univentionstaff 2019-07-04 20:12:30 CEST
This works:

apt-get -o "Acquire::GzipIndexes=false" update



So, we need to adjust this parameter in /etc/apt/apt.conf.d/docker-gzip-indexes in the containers. This is in

git/univention/internal/univention-docker-dev/scripts/create-minbase-image.sh

and in

git/ucs/container/univention-docker-container-mode/conffiles/etc/apt/apt.conf.d/docker-gzip-indexes

rebuild the containers and upload them.
Comment 2 Arvid Requate univentionstaff 2019-07-04 20:23:57 CEST
May be the reason for Ticket#: 2019070321000792, I adjusted the bug flags accordingly.
Comment 3 Jürn Brodersen univentionstaff 2019-08-07 18:23:35 CEST
apt uses the _apt user to gzip the package file. Gzipping the package file is enabled in our docker images.

In this case the local package cache which is created by usr/share/univention-system-setup/download-packages wasn't accessible by the _apt user. While the download of the package file falls back to use root, the gzip process doesn't seem to do this and throws an error.
In our appliances it is not enabled to gzip the package file. That's why this doesn't throw an error there.
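
The diagnosis in comment 3 can be checked from mode bits alone. The following is an added example, not part of the bug report or of UCS: it walks a path and reports the first component that a user in the "other" permission class cannot pass. Treating `_apt` as such a user, the function name `first_block_for_other` and the sample tree (built from the modes shown in the report) are assumptions.

```shell
#!/bin/sh
# Added example: find the first path component that blocks a user who matches
# only the "other" permission class (assumed here for _apt on root-owned files).
# Directories need o+x (search), the final file needs o+r.
# Mode bits only: ACLs, group membership and MAC policy are not evaluated.

# first_block_for_other FILE [BASE]
# Prints "<mode> <path>" for the first blocking component below BASE (default /)
# and returns 1; prints nothing and returns 0 when no component blocks.
first_block_for_other() {
    target=$1
    base=${2:-/}
    base=${base%/}                 # "/" becomes "", "/a/b/" becomes "/a/b"
    rel=${target#"$base"/}
    cur=$base
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel                    # split the relative path on "/"
    set +f; IFS=$old_ifs
    for part in "$@"; do
        # skip empty and "." components, as in ".../packages/./Packages"
        [ -n "$part" ] && [ "$part" != "." ] || continue
        cur="$cur/$part"
        mode=$(stat -L -c '%a' "$cur") || return 2
        other=$((mode % 10))       # last octal digit = "other" class
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ $((other & need)) -eq 0 ]; then
            echo "$mode $cur"
            return 1
        fi
    done
    return 0
}

# Constructed sample tree using modes from the report: cache directory 700
# (the mode the diagnostic check expected), Packages file -rwx------ (700).
sample=$(mktemp -d)
mkdir -p "$sample/univention-system-setup/packages"
: > "$sample/univention-system-setup/packages/Packages"
chmod 755 "$sample" "$sample/univention-system-setup/packages"
chmod 700 "$sample/univention-system-setup" \
    "$sample/univention-system-setup/packages/Packages"
first_block_for_other \
    "$sample/univention-system-setup/packages/./Packages" "$sample" || true
```

Point it at the symlink target (the cache file), since the walk only checks the components of the path it is given.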
Comment 4 Jürn Brodersen univentionstaff 2019-08-07 19:04:05 CEST
[4.4-1 da597d9813] Bug #49799: Fix error in "apt update"
[4.4-1 970e5fc65c] Bug #49799: yaml

Package: univention-system-setup
Version: 12.0.2-12A~4.4.0.201908071856
Branch: ucs_4.4-0
Scope: errata4.4-1

I will test the latest dvd tomorrow
Comment 5 Jürn Brodersen univentionstaff 2019-08-09 13:36:57 CEST
"apt-get update -o Acquire::GzipIndexes=true" now works without errors on the latest dvd after booting into appliance mode.

A new appliance for testing is currently building:
https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-1/view/Appliances/job/CreateUCSAppliance/
Comment 6 Dirk Wiesenthal univentionstaff 2019-08-14 12:22:20 CEST
OK, system-setup creates the directory with the correct permissions.
Comment 7 Erik Damrose univentionstaff 2019-08-14 15:32:28 CEST
Reopen, please verify that the latest package version works as intended. At this bug, u-s-s 12.0.2-12 was built, but the current version is 12.0.2-14, which is not reflected in the YAML file
Comment 8 Arvid Requate univentionstaff 2019-08-14 15:38:26 CEST
Ok, annoying, that's due to Bug #48698.
Comment 9 Philipp Hahn univentionstaff 2019-08-15 14:14:37 CEST
Fixed: 25ecd16f75c480c7b7401baf0d387343487fa51f
Comment 10 Erik Damrose univentionstaff 2019-08-19 13:41:39 CEST
Reopen: We have a system diagnostic check for the u-s-s cache directory, which shows a warning:

File '/var/cache/univention-system-setup' has mode 711, 700 was expected.
Comment 11 Philipp Hahn univentionstaff 2019-08-19 14:04:38 CEST
(In reply to Erik Damrose from comment #10)
> Reopen: We have a system diagnostic check for the u-s-s cache directory,
> which shows a warning:
> 
> File '/var/cache/univention-system-setup' has mode 711, 700 was expected.

Whoever fixes that, please look at <https://git.knut.univention.de/univention/ucs/commit/f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug #48814.
Comment 12 Jürn Brodersen univentionstaff 2019-08-19 15:54:52 CEST
Package: univention-management-console-module-diagnostic
Version: 5.0.1-16A~4.4.0.201908191544
Branch: ucs_4.4-0
Scope: errata4.4-1

[4.4-1 420f6d2d54] Bug #49799: Fix file permission test for /var/cache/univention-system-setup
Comment 13 Jürn Brodersen univentionstaff 2019-08-19 15:55:54 CEST
(In reply to Philipp Hahn from comment #11)
> (In reply to Erik Damrose from comment #10)
> > Reopen: We have a system diagnostic check for the u-s-s cache directory,
> > which shows a warning:
> > 
> > File '/var/cache/univention-system-setup' has mode 711, 700 was expected.
> 
> Whoever fixes that, please look at
> <https://git.knut.univention.de/univention/ucs/commit/
> f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug
> #48814.

Sorry, I think that needs its own bug.
Comment 14 Dirk Wiesenthal univentionstaff 2019-08-21 14:31:48 CEST
OK: Package version
OK: diagnostic