[Bug 804435] New: lxc-opensuse-12.2.patch removes device node creation
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c0 Summary: lxc-opensuse-12.2.patch removes device node creation Classification: openSUSE Product: openSUSE 12.3 Version: RC 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: jslaby@suse.com ReportedBy: mvyskocil@suse.com QAContact: qa-bugs@suse.de CC: fcrozat@suse.com Found By: --- Blocker: --- I was a bit surprise when I made chroot /var/lib/lxc/tomcat/rootfs to change a root password and realized the /dev/urandom does not exists, so password can't be salted and stored. Looking on opensuse template it is obvious the device node creation code is missing. It seems to cause this lxc-create error (see bnc#804232 for details) Copying rootfs to /var/lib/lxc/tomcat/rootfs ...Please change root-password ! chpasswd: PAM: Authentication failure where -t debian ends with Root password is 'root', please change I wanted to fix that, but once I've downloaded lxc package, it become clear that this has been intentionally removed by lxc-opensuse-12.2.patch. But this change is against the ContainerInterface [1] for systemd stating """ Also, make sure to create device nodes for /dev/null, /dev/zero, /dev/full, /dev/random, /dev/urandom, /dev/tty, /dev/ptmx in /dev """ neither is described in lxc.changes, please consider reverting of it back. [1] http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c1 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |fcrozat@suse.com --- Comment #1 from Jiri Slaby <jslaby@suse.com> 2013-02-19 13:38:23 UTC --- Frederic removed that -- setting needinfo. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c2 --- Comment #2 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-19 13:39:22 UTC --- BTW: it might be a good idea to replace the DISTRO= variable in openSUSE template by DISTRO=${DISTRO:-@@DISTRO@@} and then do in a %prep or %build source /etc/os-release if [[ ${NAME} != "openSUSE" ]]; then VERSION_ID="12.2" #<---- or latest? would that work? fi sed -e "s/@@DISTRO@@/${VERSION_ID}/" -i templates/lxc-opensuse.in I saw the SUITE=${SUITE:-squeeze} in debian's template, so I assume the call SUITE="wheezy" lxc-create will install container with wheezy instead. So I've run it and now I have "7.0 (wheezy)" in /var/lib/lxc/wheezy/rootfs/etc/os-release, which seems like reasonable way how to configure a script. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c3 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|fcrozat@suse.com | --- Comment #3 from Frederic Crozat <fcrozat@suse.com> 2013-02-19 14:53:46 UTC --- I removed manual node creation at container creation time to be compatible with systemd. /dev is a tmpfs and lxc will take care of creating the needed devices when container is booted (you need to set lxc.autodev=1 in your container configuration to have this feature). I prefer to hardcode version in lxc opensuse template because bumping from one release to another is usually not as easy as changing install repositories.. It needs manual testing, which is why I only bump release once it has been tested as working. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c4 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jslaby@suse.com AssignedTo|jslaby@suse.com |fcrozat@suse.com --- Comment #4 from Jiri Slaby <jslaby@suse.com> 2013-02-19 17:00:05 UTC --- Leaving up to you to decide what to do with this one... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c5 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |mvyskocil@suse.com --- Comment #5 from Frederic Crozat <fcrozat@suse.com> 2013-02-19 17:14:49 UTC --- Michal, could you test with lxc.autodev=1 ? (it should be set in the created config for openSUSE, anyway) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c6 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|mvyskocil@suse.com |fcrozat@suse.com --- Comment #6 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-20 10:09:35 UTC --- Hi Frederic, you are right, the nodes are created when lxc.autodev=1 is in, which is btw the default. They appear if you log into the container and are not visible by ls /var/lib/lxc/tomcat/rootfs/dev, neither by chroot. Unfortunately there is still a problem with chpasswd - my tests shows it is not connected with urandom, but something else in a PAM stack is not happy. I try to debug it using strace, but did not realize the problem. Unfortunately w/o /dev/log the pam debugging is almost impossible. I've some strace -f outputs - are you interested to check them? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c7 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|fcrozat@suse.com | --- Comment #7 from Frederic Crozat <fcrozat@suse.com> 2013-02-20 11:03:42 UTC --- Well, I could re-create some devices there, even if they are hidden when container is booted (I really thought it was useless, not thinking about running software in chroot, before booting the container). Another possibility could be to create the needed devices at container creation time, then remove them when container is done (but it is probably too much trouble). opinions welcome. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c8 --- Comment #8 from Jiri Slaby <jslaby@suse.com> 2013-02-20 15:26:55 UTC --- (In reply to comment #7)
opinions welcome.
Wouldn't a bind-mount of /dev suffice for that very chpasswd moment? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c9 --- Comment #9 from Frederic Crozat <fcrozat@suse.com> 2013-02-20 15:43:58 UTC --- (In reply to comment #8)
(In reply to comment #7)
opinions welcome.
Wouldn't a bind-mount of /dev suffice for that very chpasswd moment?
probably.. This is strange because I'm working right now on updating lxc openSUSE template to install 12.3 (and it requires some changes, not only release number change) and I didn't saw the need for /dev/urandom nor /dev/log when container was installed (chpasswd worked). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c10 --- Comment #10 from Frederic Crozat <fcrozat@suse.com> 2013-02-20 17:46:45 UTC --- I've update template for 12.3, please test at https://build.opensuse.org/package/show?package=lxc&project=home%3Afcrozat%3Abranches%3AVirtualization I'd like to push it for 12.3 final, if it is still possible (otherwise, as an update). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c11 --- Comment #11 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-21 15:29:11 UTC --- The chpasswd problem still appears :-( -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c12 --- Comment #12 from Frederic Crozat <fcrozat@suse.com> 2013-02-21 15:38:16 UTC --- I don't have the issue.. Very strange, chpasswd works for me.. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c13 --- Comment #13 from Frederic Crozat <fcrozat@suse.com> 2013-02-21 15:39:31 UTC --- oh, my bad, you try to run chpasswd while chrooting in the container, right ? Does it works if you use chpasswd -R /path_to_container, without chrooting ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c14 --- Comment #14 from Jiri Slaby <jslaby@suse.com> 2013-02-21 15:41:20 UTC --- (In reply to comment #13)
Does it works if you use chpasswd -R /path_to_container, without chrooting ?
Not for me... It fails while lxc-create is proceeding. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c15 --- Comment #15 from Frederic Crozat <fcrozat@suse.com> 2013-02-21 15:52:49 UTC --- (In reply to comment #14)
(In reply to comment #13)
Does it works if you use chpasswd -R /path_to_container, without chrooting ?
Not for me... It fails while lxc-create is proceeding.
hmm, so we have some different config, because I don't have this issue, neither running passwd in the chroot itself to change root password.. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c16 --- Comment #16 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-25 14:51:55 UTC --- Hi, @jiri: I assume you have to remove the cache /var/cache/lxc/opensuse, because I'd say the 12.2 packages are still installed, so it is inconsistent with a new template for 12.3. @frederic: maybe it is a good idea to use opensuse-${DISTRO} cache directory Anyway with cleaned cache, chpasswd no longer fail Checking cache download in /var/cache/lxc/opensuse/rootfs-x86_64 ... Copy /var/cache/lxc/opensuse/rootfs-x86_64 to /var/lib/lxc/test2/rootfs ... Copying rootfs to /var/lib/lxc/test2/rootfs ...Please change root-password ! BAD PASSWORD: it is too short BAD PASSWORD: is too simple 'opensuse' template installed 'test2' created BTW: I've got a lot of when container is started <46>systemd-journal[446]: Received SIGURS1 This is relevant log (root logout from a system) Feb 25 15:46:04 test2 login[414]: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Feb 25 15:46:04 test2 systemd-logind[30]: New session 21 of user root. Feb 25 15:46:04 test2 login[414]: ROOT LOGIN ON console Feb 25 15:47:23 test2 login[414]: pam_unix(login:session): session closed for user root Feb 25 15:47:24 test2 systemd-journal[464]: Allowing system journal files to grow to 4.0G. Feb 25 15:47:24 test2 systemd-journal[464]: Journal started Feb 25 15:47:23 test2 systemd[1]: console-getty.service holdoff time over, scheduling restart. Feb 25 15:47:23 test2 systemd[1]: Stopping Console Getty... Feb 25 15:47:23 test2 systemd[1]: Starting Console Getty... Feb 25 15:47:23 test2 systemd[1]: Started Console Getty. Feb 25 15:47:24 test2 systemd[1]: systemd-journald.service: main process exited, code=exited, status=1/FAILURE Feb 25 15:47:24 test2 systemd[1]: Started Trigger Flushing of Journal to Persistent Storage. BTW: I've got an issue when I've switched the LAN cable during a lxc-create, which triggered a new gateway and a connection failure. However template fails on an attempt to readd repo-oss and update repos. Please consider following change (or maybe the is a zypper switch for that purpose) + if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/repo-oss.repo ]]; then + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1 + fi + if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/update.repo ]]; then + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 + fi -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c17 --- Comment #17 from Frederic Crozat <fcrozat@suse.com> 2013-02-25 14:59:25 UTC --- (In reply to comment #16)
Hi,
@jiri: I assume you have to remove the cache /var/cache/lxc/opensuse, because I'd say the 12.2 packages are still installed, so it is inconsistent with a new template for 12.3.
@frederic: maybe it is a good idea to use opensuse-${DISTRO} cache directory
Well, versioning the cache wouldn't remove the old one (which would become irrelevant as soon as the template is updated). This is indeed a shortcoming in the current way we handle template and cache :(
Anyway with cleaned cache, chpasswd no longer fail
Good :)
BTW: I've got a lot of when container is started
<46>systemd-journal[446]: Received SIGURS1
Yes, I saw that. But I didn't spend time to debug it.
BTW: I've got an issue when I've switched the LAN cable during a lxc-create, which triggered a new gateway and a connection failure. However template fails on an attempt to readd repo-oss and update repos.
Please consider following change (or maybe the is a zypper switch for that purpose)
+ if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/repo-oss.repo ]]; then + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1 + fi + if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/update.repo ]]; then + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 + fi
Could you do a sr against lxc package with this change ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c18 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |fcrozat@suse.com --- Comment #18 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-26 10:09:13 UTC --- (In reply to comment #17)
(In reply to comment #16)
Hi,
@jiri: I assume you have to remove the cache /var/cache/lxc/opensuse, because I'd say the 12.2 packages are still installed, so it is inconsistent with a new template for 12.3.
@frederic: maybe it is a good idea to use opensuse-${DISTRO} cache directory
Well, versioning the cache wouldn't remove the old one (which would become irrelevant as soon as the template is updated).
This is indeed a shortcoming in the current way we handle template and cache :(
Well, it is probably better than using a template with 12.3, with packages from 12.2. What about to check if VERSION_ID in /etc/os-release matches the DISTRO and if no, remove cache? Maybe install_opensuse can do it.
Could you do a sr against lxc package with this change ?
Sure 156404 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c19 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|fcrozat@suse.com | --- Comment #19 from Frederic Crozat <fcrozat@suse.com> 2013-02-26 12:06:25 UTC --- (In reply to comment #18)
(In reply to comment #17)
(In reply to comment #16)
Hi,
@jiri: I assume you have to remove the cache /var/cache/lxc/opensuse, because I'd say the 12.2 packages are still installed, so it is inconsistent with a new template for 12.3.
@frederic: maybe it is a good idea to use opensuse-${DISTRO} cache directory
Well, versioning the cache wouldn't remove the old one (which would become irrelevant as soon as the template is updated).
This is indeed a shortcoming in the current way we handle template and cache :(
Well, it is probably better than using a template with 12.3, with packages from 12.2. What about to check if VERSION_ID in /etc/os-release matches the DISTRO and if no, remove cache? Maybe install_opensuse can do it.
Yes, it sounds cleaner..
Could you do a sr against lxc package with this change ?
Sure 156404
Jiri accepted it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c20 --- Comment #20 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-02-26 14:00:09 CET --- This is an autogenerated message for OBS integration: This bug (804435) was mentioned in https://build.opensuse.org/request/show/156416 Factory / lxc -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c21 --- Comment #21 from Michal Vyskocil <mvyskocil@suse.com> 2013-02-26 14:37:15 UTC ---
This is indeed a shortcoming in the current way we handle template and cache :(
Well, it is probably better than using a template with 12.3, with packages from 12.2. What about to check if VERSION_ID in /etc/os-release matches the DISTRO and if no, remove cache? Maybe install_opensuse can do it.
Yes, it sounds cleaner..
sent to Virtualization by 156437 - I would say this bug can be then marked as RESOLVED/FIXED. Thanks for your valuable help! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c22 Frederic Crozat <fcrozat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #22 from Frederic Crozat <fcrozat@suse.com> 2013-02-26 16:09:33 UTC --- looks good for me. Jiri, please accept it. Closing as fixed -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c23 --- Comment #23 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-02-26 20:00:24 CET --- This is an autogenerated message for OBS integration: This bug (804435) was mentioned in https://build.opensuse.org/request/show/156461 Factory / lxc -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c24 --- Comment #24 from Frederic Crozat <fcrozat@suse.com> 2013-03-07 17:18:23 UTC --- it looks like some of the changes broke container generation on 12.3 / x86_64 (was working fine on i586). I've pushed sr#157927 Let's do a maintenance update with this fix (and the cache cleaning fix) for 12.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804435 https://bugzilla.novell.com/show_bug.cgi?id=804435#c25 --- Comment #25 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-03-08 15:00:08 CET --- This is an autogenerated message for OBS integration: This bug (804435) was mentioned in https://build.opensuse.org/request/show/158004 Factory / lxc -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com