[lxc-devel] Request for update Jenkins script for plamo images (Re: [PATCH] Update plamo template)
TAMUKI Shoichi
tamuki at linet.gr.jp
Mon Aug 25 23:13:10 UTC 2014
Hello Stephane,
From: TAMUKI Shoichi <tamuki at linet.gr.jp>
Subject: Re: [lxc-devel] [PATCH] Update plamo template
Date: Tue, 19 Aug 2014 12:30:07 +0900
> One more thing is about the user/group ownership. I investigated
> /etc/{passwd,group} between Ubuntu and Plamo Linux, and found that
> there are some user/group names in Plamo Linux, which do not exist in
> Ubuntu, so that means there may be some files/directories which are
> extracted with wrong user/group ownership.
>
> So, would you please add the procedures below to the Jenkins script in
> the preparation phase for the above 4 configurations.
>
> for i in postfix pop wnn polkituser mysql ; do useradd $i ; done
> for i in wheel postfix postdrop telnetd mysql cgred ; do groupadd $i ; done
I will explain step by step why we need this workaround.
Previously, there were some files/directories with wrong user/group
ownership in rootfs.tar.xz created on Jenkins server (maybe Ubuntu.)
There is no problem in rootfs.tar.xz created on Plamo Linux itself.
[The list of plamo-mini rootfs created on Ubuntu (wrong ownership)]
----------------------------------------------------------------------
drwxr-xr-x daemon/daemon 0 2011-06-29 09:00:00 var/log/canna/
drwxrwxrwt root/kmem 0 1993-11-25 11:29:52 var/cache/man/cat1/
...
-rw-rw-r-- root/dialout 0 1999-04-13 11:29:10 var/run/utmp
drwxr-xr-x root/16 0 2014-02-28 09:00:00 var/run/saslauthd/
drwxrwxrwt root/man 0 2014-07-31 01:11:16 var/spool/mail/
-rw-rw---- root/man 7111 1998-10-23 07:02:33 var/spool/mail/root
drwxrwx--T bin/bin 0 2012-02-06 16:17:43 var/spool/atspool/
drwxrwx--T bin/bin 0 2012-02-06 16:17:43 var/spool/atjobs/
-rw------- bin/bin 0 2012-02-06 16:17:43 var/spool/atjobs/.SEQ
drwxrwxr-x daemon/daemon 0 2011-06-29 09:00:00 var/lib/canna/dic/
...
drwxr-x--- root/video 0 2012-01-10 13:06:04 var/mlocate/
drwxrwxr-x root/utmp 0 2014-07-31 01:21:51 var/games/
...
-rw-r----- root/bin 144 2012-02-06 16:17:43 etc/at.deny
-rwsr-sr-x bin/bin 39304 2012-02-06 16:17:43 usr/bin/at
-rwsr-x--- root/uucp 9108 2012-02-13 09:00:00 usr/bin/crontab
-rwxr-sr-x root/video 30444 2012-01-10 13:06:04 usr/bin/locate
-rwsr-sr-x root/man 68152 2009-01-13 10:55:32 usr/bin/procmail
-rwsr-sr-x root/man 12528 2009-01-13 10:55:32 usr/bin/lockfile
-rws--x--x 17/root 143676 2013-08-07 09:00:00 usr/bin/Wnn4/jserver
...
-rwsr-x--- root/35 6152 2012-11-05 09:00:00 usr/sbin/telnetlogin
-rwxr-sr-x root/dialout 6904 2012-11-30 09:00:00 usr/sbin/utempter
drwxr-xr-x root/daemon 0 1993-11-25 02:32:04 usr/local/bin/
drwxr-xr-x root/daemon 0 1993-11-25 02:32:04 usr/local/sbin/
-rw-r--r-- root/kmem 11244 2012-04-20 15:17:40 usr/share/man/man1/sar.1.gz
...
-rw-r--r-- proxy/tty 8764 2012-11-06 09:00:00 usr/share/man/man8/dump.8.gz
...
drwxr-x--- root/utmp 0 2014-01-09 09:00:00 usr/libexec/games/dm/
-rwsr-xr-x root/uucp 14184 2011-06-29 09:00:00 usr/libexec/sptagent
-rwsr-x--- root/operator 1036749 2013-11-17 09:00:00 usr/libexec/dbus-daemon-launch-helper
-rwxr-sr-x root/utmp 10004 2014-01-09 09:00:00 usr/games/dm
drwxr-xr-x root/uucp 0 1994-08-01 14:30:37 home/ftp/
...
----------------------------------------------------------------------
[The list of plamo-mini rootfs created on Plamo Linux (right ownership)]
----------------------------------------------------------------------
drwxr-xr-x bin/bin 0 2011-06-29 09:00:00 var/log/canna/
drwxrwxrwt root/man 0 1993-11-25 11:29:52 var/cache/man/cat1/
...
-rw-rw-r-- root/utmp 0 1999-04-13 11:29:10 var/run/utmp
drwxr-xr-x root/postfix 0 2014-02-28 09:00:00 var/run/saslauthd/
drwxrwxrwt root/mail 0 2014-08-12 01:20:58 var/spool/mail/
-rw-rw---- root/mail 7111 1998-10-23 07:02:33 var/spool/mail/root
drwxrwx--T daemon/daemon 0 2012-02-06 16:17:43 var/spool/atspool/
drwxrwx--T daemon/daemon 0 2012-02-06 16:17:43 var/spool/atjobs/
-rw------- daemon/daemon 0 2012-02-06 16:17:43 var/spool/atjobs/.SEQ
drwxrwxr-x bin/bin 0 2011-06-29 09:00:00 var/lib/canna/dic/
...
drwxr-x--- root/mlocate 0 2012-01-10 13:06:04 var/mlocate/
drwxrwxr-x root/games 0 2014-08-12 01:29:05 var/games/
...
-rw-r----- root/daemon 144 2012-02-06 16:17:43 etc/at.deny
-rwsr-sr-x daemon/daemon 39304 2012-02-06 16:17:43 usr/bin/at
-rwsr-x--- root/wheel 9108 2012-02-13 09:00:00 usr/bin/crontab
-rwxr-sr-x root/mlocate 30444 2012-01-10 13:06:04 usr/bin/locate
-rwsr-sr-x root/mail 68152 2009-01-13 10:55:32 usr/bin/procmail
-rwsr-sr-x root/mail 12528 2009-01-13 10:55:32 usr/bin/lockfile
-rws--x--x wnn/root 143676 2013-08-07 09:00:00 usr/bin/Wnn4/jserver
...
-rwsr-x--- root/telnetd 6152 2012-11-05 09:00:00 usr/sbin/telnetlogin
-rwxr-sr-x root/utmp 6904 2012-11-30 09:00:00 usr/sbin/utempter
drwxr-xr-x root/bin 0 1993-11-25 02:32:04 usr/local/bin/
drwxr-xr-x root/bin 0 1993-11-25 02:32:04 usr/local/sbin/
-rw-r--r-- root/man 11244 2012-04-20 15:17:40 usr/share/man/man1/sar.1.gz
...
-rw-r--r-- man/tty 8764 2012-11-06 09:00:00 usr/share/man/man8/dump.8.gz
...
drwxr-x--- root/games 0 2014-01-09 09:00:00 usr/libexec/games/dm/
-rwsr-xr-x root/wheel 14184 2011-06-29 09:00:00 usr/libexec/sptagent
-rwsr-x--- root/messagebus 1036749 2013-11-17 09:00:00 usr/libexec/dbus-daemon-launch-helper
-rwxr-sr-x root/games 10004 2014-01-09 09:00:00 usr/games/dm
drwxr-xr-x root/wheel 0 1994-08-01 14:30:37 home/ftp/
...
----------------------------------------------------------------------
So, I updated lxc-plamo template (commit: ea00a20) in order to solve
this problem:
| - If "installpkg" command does not exist, lxc-plamo temporarily
| install the command with static linked tar command into the lxc
| cache directory. The tar command does not refer to passwd/group
| files, which means that only a few files/directories are extracted
| with wrong user/group ownership. To avoid this, the installpkg
| command now uses the standard tar command in the system.
However, there are still some files/directories with wrong user/group
ownership in rootfs.tar.xz created on our local Ubuntu environment.
[The list of plamo-mini rootfs created on Ubuntu (wrong ownership)]
----------------------------------------------------------------------
drwxr-xr-x root/16 0 2014-02-28 09:00:00 var/run/saslauthd/
-rwsr-x--- root/uucp 9108 2012-02-13 09:00:00 usr/bin/crontab
-rws--x--x 17/root 143676 2013-08-07 09:00:00 usr/bin/Wnn4/jserver
...
-rwsr-x--- root/35 6152 2012-11-05 09:00:00 usr/sbin/telnetlogin
-rwsr-xr-x root/uucp 14184 2011-06-29 09:00:00 usr/libexec/sptagent
drwxr-xr-x root/uucp 0 1994-08-01 14:30:37 home/ftp/
...
----------------------------------------------------------------------
[The list of plamo-mini rootfs created on Plamo Linux (right ownership)]
----------------------------------------------------------------------
drwxr-xr-x root/postfix 0 2014-02-28 09:00:00 var/run/saslauthd/
-rwsr-x--- root/wheel 9108 2012-02-13 09:00:00 usr/bin/crontab
-rws--x--x wnn/root 143676 2013-08-07 09:00:00 usr/bin/Wnn4/jserver
...
-rwsr-x--- root/telnetd 6152 2012-11-05 09:00:00 usr/sbin/telnetlogin
-rwsr-xr-x root/wheel 14184 2011-06-29 09:00:00 usr/libexec/sptagent
drwxr-xr-x root/wheel 0 1994-08-01 14:30:37 home/ftp/
...
----------------------------------------------------------------------
These user/group names exist in passwd/group files on Plamo Linux, but
they do not exist in passwd/group files on Ubuntu.
I then investigated the user/group names that exist only in Plamo Linux,
compared with Ubuntu: --> (1)
[/etc/passwd]             [/etc/group]
adm             3         mem             8
shutdown        6         wheel           10
halt            7         postfix         16
operator        11        postdrop        17
postmaster      14        sshd            18
postfix         15        ftp             19
pop             16        polkituser      21
wnn             17        avahi           22
ftp             19        gdm             23
polkituser      21        stb-admin       25
avahi           22        pgsql           30
gdm             23        apache          31
haldaemon       24        haldaemon       34
pulse           26        telnetd         35
kdm             27        kvm             36
postgres        30        pulse           38
www             31        pulse-access    39
wadm            32        mysql           40
mysql           33        storage         41
usbmux          40        power           42
libvirt-qemu    50        kdm             45
guest           999       scanner         46
pcguest         999       libvirt         47
                          cgred           48
On the other hand, these are all the user/group names that are
stored in the rootfs as a result of installing Plamo Linux: --> (2)
[user name]       [group name]
root              root
bin               bin
daemon            daemon
lp                sys
uucp              tty
games             disk
man               lp
postfix           wheel
pop               mail
wnn               uucp
polkituser        man
mysql             postfix
nobody            postdrop
                  utmp
                  telnetd
                  messagebus
                  mysql
                  games
                  mlocate
                  cgred
                  users
                  nogroup
Therefore, the user/group names which belong to both (1) and (2) will
have to be added temporarily to the Jenkins server when creating plamo
images.
[user name]       [group name]
postfix           wheel
pop               postfix
wnn               postdrop
polkituser        telnetd
mysql             mysql
                  cgred
It is important that each user/group name is stored correctly in the
rootfs tar archives. Here are the tar behaviors regarding ownership:
- When archiving, tar stores both user/group names and uid/gid.
- When extracting, tar gives priority to user/group names. If the
same user/group names do not exist on the system, it uses uid/gid
instead.
This means that creating containers may be done with right ownership
on any distribution other than Ubuntu or Plamo Linux.
According to the Jenkins log, I suggest that you insert
commands like those below:
==> Executing: "for i in postfix pop wnn polkituser mysql ; do useradd $i ; done" in /
==> Executing: "for i in wheel postfix postdrop telnetd mysql cgred ; do groupadd $i ; done" in /
just before the command:
==> Executing: "mkdir -p /build/containers/LXC_NAME/rootfs" in /
> So, KATOH-san prepared a new mirror server repository.plamolinux.org.
> Would you please add the environment variable below to the Jenkins
> script before invoking lxc-plamo.
>
> export MIRRORSRV="repository.plamolinux.org"
>
> This overrides the default MIRRORSRV in lxc-plamo.
According to the Jenkins log, I suggest that you insert the
environment variable as shown below:
==> Executing: "env MIRRORSRV=repository.plamolinux.org <-- add this
/usr/share/lxc/templates/lxc-plamo
--path /build/containers/LXC_NAME
--rootfs /build/containers/LXC_NAME/rootfs
--name LXC_NAME -r 5.x -a x86_64" in /
Thanks in advance.
Regards,
TAMUKI Shoichi
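
The name-first, id-fallback extraction rule described in this message, modelled as an added example (not part of the original message or of lxc-plamo). The archive members and the Ubuntu-like host tables are constructed from the listings above, and all function names are hypothetical; the audit reports which members would land on a different owner on the build host and whether they carry setuid/setgid bits.

```python
import io
import stat
import tarfile

# Constructed sample: (path, mode, uname, uid, gname, gid, is_dir), after the listings above.
SAMPLE = [
    ("usr/bin/crontab", 0o4750, "root", 0, "wheel", 10, False),
    ("usr/bin/Wnn4/jserver", 0o4711, "wnn", 17, "root", 0, False),
    ("usr/sbin/telnetlogin", 0o4750, "root", 0, "telnetd", 35, False),
    ("var/run/saslauthd", 0o0755, "root", 0, "postfix", 16, True),
    ("etc/at.deny", 0o0640, "root", 0, "daemon", 2, False),  # gid constructed
]
# Constructed build-host account tables (name -> id), Ubuntu-like.
HOST_USERS = {"root": 0, "daemon": 1, "bin": 2}
HOST_GROUPS = {"root": 0, "daemon": 1, "bin": 2, "uucp": 10}

def build_sample_archive():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, mode, uname, uid, gname, gid, is_dir in SAMPLE:
            info = tarfile.TarInfo(path)
            info.type = tarfile.DIRTYPE if is_dir else tarfile.REGTYPE
            info.mode, info.uname, info.uid = mode, uname, uid
            info.gname, info.gid = gname, gid
            tar.addfile(info)  # zero-length member, only the header matters here
    return buf.getvalue()

def effective_owner(name, num_id, table):
    """Name wins if the host knows it; otherwise the numeric id is used as-is."""
    if name in table:
        return name
    by_id = {i: n for n, i in table.items()}
    return by_id.get(num_id, str(num_id))  # the id may alias an unrelated host account

def audit(archive, users, groups):
    """List (path, recorded, effective, privileged) for members whose owner would change."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar:
            recorded = f"{m.uname}/{m.gname}"
            effective = (effective_owner(m.uname, m.uid, users) + "/"
                         + effective_owner(m.gname, m.gid, groups))
            if effective != recorded:
                privileged = bool(m.mode & (stat.S_ISUID | stat.S_ISGID))
                findings.append((m.name, recorded, effective, privileged))
    return findings

def with_accounts(table, names, first_id=1001):
    """Host table after a useradd/groupadd loop: the names exist, ids are host-assigned."""
    return {**table, **{n: first_id + i for i, n in enumerate(names) if n not in table}}
```

With the constructed host tables the findings match the second "wrong ownership" listing (`root/uucp`, `17/root`, `root/35`, `root/16`); after `with_accounts` adds the names from the two loops, the audit returns no findings.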