Univention Bugzilla – Bug 49799
univention-upgrade aborts in docker container because apt-get update fails to open a file
Last modified: 2019-08-22 15:30:04 CEST
Created attachment 10106 [details] updater.log Short story: In a docker container "apt-get update" fails with E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied) Long story: I pulled the docker container univention/ucs-master-amd64:4.3-2 and started univention-upgrade in it. There ist something strange with the versioning, so it first updated successfully from 4.3-0 errata157 to UCS 4.3-1 but after that it aborted during update to UCS 4.3-2, see attached log file: =========================================================================== root@master10:~# docker pull univention/ucs-master-amd64:4.3-2 root@master10:~# docker run -d --name master_container --hostname=master \ -e domainname=testdomain.intranet -e rootpwd=univention -p 8011:80 \ -e container=docker -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ --tmpfs /run --tmpfs /run/lock --cap-add=SYS_ADMIN \ --restart unless-stopped univention/ucs-master-amd64:4.3-2 /sbin/init root@master10:~# docker exec -it [...] /bin/bash root@master:/# univention-upgrade --ignoreterm --n </dev/null [...] Starting univention-upgrade. Current UCS version is 4.3-1 errata282 Checking for local repository: none Checking for package updates: none Checking for app updates: none Checking for release updates: found: UCS 4.3-2 Starting update to UCS version 4.3-2 at Thu Jul 4 17:24:07 2019... Starting update to UCS version 4.3-2 [...] Reading package lists... W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11 W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12 E: Failed to fetch store:/var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages Could not open file /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages - open (13: Permission denied) E: Some index files failed to download. They have been ignored, or old ones used instead. W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:3 and /etc/apt/sources.list.d/20_ucs-online-component.list:11 W: Target Packages (Packages) is configured multiple times in /etc/apt/sources.list.d/00_ucs_temporary_installation.list:4 and /etc/apt/sources.list.d/20_ucs-online-component.list:12 Error: Failed to execute "apt-get update" exitcode of univention-updater: 1 ERROR: update failed. Please check /var/log/univention/updater.log =========================================================================== Bug the file seems to be threre: =========================================================================== root@master:/# ls -l /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages lrwxrwxrwx 1 root root 54 Jul 4 17:24 /var/lib/apt/lists/partial/_var_cache_univention-system-setup_packages_._Packages -> /var/cache/univention-system-setup/packages/./Packages root@master:/# ls -l /var/cache/univention-system-setup/packages/./Packages -rwx------ 1 root root 1812321 Jul 4 17:12 /var/cache/univention-system-setup/packages/./Packages ===========================================================================
This works: apt-get -o "Acquire::GzipIndexes=false" update So, we need to adjust this parameter in /etc/apt/apt.conf.d/docker-gzip-indexes in the containers. This is in git/univention/internal/univention-docker-dev/scripts/create-minbase-image.sh and in git/ucs/container/univention-docker-container-mode/conffiles/etc/apt/apt.conf.d/docker-gzip-indexes rebuild the containers and upload them.
May be the reason for Ticket#: 2019070321000792 , I adjusted the bug flags accordingly.
apt uses the _apt user to gzip the package file. To gzip the package file, is the enabled in our docker images. In this case the local package cache which is created by usr/share/univention-system-setup/download-packages wasn't accessible by the _apt user. While the download of the package file falls back to use root, the gzip process doesn't seem to do this and throws an error. In our appliances it is not enabled to gzip the package file. That's why this doesn't throw an error there.
[4.4-1 da597d9813] Bug #49799: Fix error in "apt update" [4.4-1 970e5fc65c] Bug #49799: yaml Package: univention-system-setup Version: 12.0.2-12A~4.4.0.201908071856 Branch: ucs_4.4-0 Scope: errata4.4-1 I will test the latest dvd tomorrow
"apt-get update -o Acquire::GzipIndexes=true" now works without errors on the latest dvd after booting into appliance mode. A new appliance for testing is currently building: https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-1/view/Appliances/job/CreateUCSAppliance/
OK, system-setup creates the directory with the correct permissions.
Reopen, please verify that the latest package version works as intended. At this bug, u-s-s 12.0.2-12 was built, but the current version is 12.0.2-14, which is not reflected in the YAML file
Ok, annoying, that's due to Bug #48698.
Fixed: 25ecd16f75c480c7b7401baf0d387343487fa51f
Reopen: We have a system diagnostic check for the u-s-s cache directory, which shows a warning: File '/var/cache/univention-system-setup' has mode 711, 700 was expected.
(In reply to Erik Damrose from comment #10) > Reopen: We have a system diagnostic check for the u-s-s cache directory, > which shows a warning: > > File '/var/cache/univention-system-setup' has mode 711, 700 was expected. Who ever fixes that, please look at <https://git.knut.univention.de/univention/ucs/commit/f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug #48814.
Package: univention-management-console-module-diagnostic Version: 5.0.1-16A~4.4.0.201908191544 Branch: ucs_4.4-0 Scope: errata4.4-1 [4.4-1 420f6d2d54] Bug #49799: Fix file permission test for /var/cache/univention-system-setup
(In reply to Philipp Hahn from comment #11) > (In reply to Erik Damrose from comment #10) > > Reopen: We have a system diagnostic check for the u-s-s cache directory, > > which shows a warning: > > > > File '/var/cache/univention-system-setup' has mode 711, 700 was expected. > > Who ever fixes that, please look at > <https://git.knut.univention.de/univention/ucs/commit/ > f657d5a551ff0d7bfb674de4364ed4159cb7b1a0>, which is a left-over from Bug > #48814. Sorry I think that needs its own bug
OK: Package version OK: diagnostic
<http://errata.software-univention.de/ucs/4.4/240.html> <http://errata.software-univention.de/ucs/4.4/241.html>