Ubuntu Repository Cache Charm

cluster-relation-changed runs as 'www-sync' user causing permissions issues with rendering configs

Bug #1835136 reported by Haw Loeung
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Repository Cache Charm
Fix Released
Undecided
Haw Loeung

Bug Description

Hi,

| root 1728 0.0 1.0 558812 72204 ? Sl Jul02 0:00 \_ /var/lib/juju/tools/unit-ubuntu-repository-cache-6/jujud unit --data-dir /var/lib/juju --unit-name ubuntu-repository-cache/6 --debug
| www-sync 16493 0.0 0.2 72592 16144 ? S Jul02 0:00 \_ /usr/bin/python3 /var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/hooks/cluster-relation-changed
| www-sync 17210 0.0 0.0 8644 796 ? S Jul02 0:00 \_ timeout rsync ...

As far as I can see in the charm, only ubuntu_repository_cache_sync() should be running as www-sync per below:

| @HOOKS.hook('ubuntu_repository_cache_sync')
| @util.run_as_user('www-sync')
| def ubuntu_repository_cache_sync():
| ...

But this does not appear to be the case, likely to do with implementation of util.run_as_user() or it's usage. Anyways, the cluster-relation-changed hook can fail per below:

| 2019-07-02 23:38:26 INFO juju-log cluster:1: Rendering configuration templates
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Rendering apache2 configuration templates
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/apache2/sites-available/archive_ubuntu_com.conf root:root 444
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/apache2/conf-available/000mpm-worker.conf root:root 444
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed Conf 000mpm-worker already enabled
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/apache2/conf-available/security.conf root:root 444
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed Conf security already enabled
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Rendering squid configuration templates
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/squid-deb-proxy/squid-deb-proxy.conf root:root 444
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/squid-deb-proxy/allowed-networks-src.acl root:root 444
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/squid-deb-proxy/mirror-dstdomain.acl.d/99-ubuntu-repository-cache root:root 444
| 2019-07-02 23:38:26 INFO juju-log cluster:1: Writing file /etc/logrotate.d/apache2 root:root 444
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed Traceback (most recent call last):
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/hooks/cluster-relation-changed", line 265, in <module>
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed HOOKS.execute(sys.argv)
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/lib/charmhelpers/core/hookenv.py", line 715, in execute
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed self._hooks[hook_name]()
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/hooks/cluster-relation-changed", line 197, in cluster_relation_changed
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed service.render_configs()
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/lib/ubuntu_repository_cache/service.py", line 224, in wrapped_f
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed function(*args)
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/lib/ubuntu_repository_cache/service.py", line 256, in render_configs
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed logrotate_filename, logrotate_context)
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/lib/charmhelpers/core/templating.py", line 83, in render
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed host.write_file(target, content.encode(encoding), owner, group, perms)
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed File "/var/lib/juju/agents/unit-ubuntu-repository-cache-6/charm/lib/charmhelpers/core/host.py", line 360, in write_file
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed with open(path, 'wb') as target:
| 2019-07-02 23:38:26 DEBUG cluster-relation-changed PermissionError: [Errno 13] Permission denied: '/etc/logrotate.d/apache2'
| 2019-07-02 23:38:26 ERROR juju.worker.uniter.operation runhook.go:132 hook "cluster-relation-changed" failed: exit status 1
| 2019-07-02 23:38:26 INFO juju.worker.uniter resolver.go:124 awaiting error resolution for "relation-changed" hook

Related branches

lp:~hloeung/ubuntu-repository-cache/fix-logrotate-apache2-perms
Paul Collins: Approve (lgtm)
Canonical IS Reviewers: Pending requested
Diff: 12 lines (+1/-1)
1 file modified
lib/ubuntu_repository_cache/service.py (+1/-1)
Haw Loeung (hloeung)
Changed in ubuntu-repository-cache:
status: New → In Progress
assignee: nobody → Haw Loeung (hloeung)
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.