Merge ~ogayot/curtin:systemd-offline into curtin:master
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Olivier Gayot | ||||
Approved revision: | 568b903a1dbef12519069b7022f541a889d95187 | ||||
Merge reported by: | Server Team CI bot | ||||
Merged at revision: | not available | ||||
Proposed branch: | ~ogayot/curtin:systemd-offline | ||||
Merge into: | curtin:master | ||||
Diff against target: |
115 lines (+80/-1) 2 files modified
curtin/util.py (+29/-1) tests/unittests/test_util.py (+51/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Dan Bungert | Approve | ||
Server Team CI bot | continuous-integration | Approve | |
Chris Peterson | Approve | ||
Review via email: mp+462140@code.launchpad.net |
Commit message
apt: ensure systemd knows it runs in a chroot, when executing postinst
Since we added the --mount-proc option to unshare, the postinst script
for openssh-server (and most likely other packages) started failing with
the following error when `systemctl daemon-reload` was invoked:
> Failed to connect to bus: No data available
Before the option was added, it would simply do nothing because systemd
rightly understood it was running in a chroot.
To determine if we are running in a chroot, systemd checks if
/proc/1/root (corresponding to the init process) and / are the same
inode. If they are different, systemd assumes we are in a chroot.
However, we are running apt-get in a new PID namespace which means that
in the new namespace, apt-get gets assigned PID 1 and is therefore the
"init" process.
Now that /proc is properly mounted in the chroot, when systemd compares
/proc/1/root and /, it sees they are identical because the init process
(which is apt-get) is actually running inside the chroot.
Without the --mount-proc option, /proc/1 in the chroot would still refer
to the systemd init process (running outside the chroot), so it would
work properly.
With the SYSTEMD_OFFLINE variable, one can "force" systemd to assume
it is running in a chroot. Let's use it when running commands in a
chroot, and when the variable is not already defined.
LP: #2056570
Signed-off-by: Olivier Gayot <email address hidden>
Description of the change
Since we added the --mount-proc option to unshare, the postinst script for openssh-server (and most likely other packages) started failing with the following error when `systemctl daemon-reload` was invoked:
> Failed to connect to bus: No data available
This would cause failed installations of Ubuntu. This happens because systemd fails to determine that we are running in a chroot when executed in the postinst script context.
To determine if we are running in a chroot, systemd checks if /proc/1/root (corresponding to the init process) and / are the same inode. If they are different, systemd assumes we are in a chroot.
However, we are running apt-get in a new PID namespace which means that in the new namespace, apt-get gets assigned PID 1 and is therefore the "init" process.
Now that /proc is properly mounted in the chroot, when systemd compares /proc/1/root and /, it sees they are identical because the init process (which is apt-get) is actually running inside the chroot.
Without the --mount-proc option, /proc/1 in the chroot would still refer to the systemd init process (running outside the chroot), so it would work properly.
With the SYSTEMD_OFFLINE variable, one can "force" systemd to assume it is running in a chroot. Let's use it.
FAILED: Continuous integration, rev:8147f701907 1577fb3ba49de55 739fcc49460773 /jenkins. canonical. com/server- team/job/ curtin- ci/251/ /jenkins. canonical. com/server- team/job/ curtin- ci/nodes= metal-amd64/ 251/ /jenkins. canonical. com/server- team/job/ curtin- ci/nodes= metal-arm64/ 251/ /jenkins. canonical. com/server- team/job/ curtin- ci/nodes= metal-ppc64el/ 251/ /jenkins. canonical. com/server- team/job/ curtin- ci/nodes= metal-s390x/ 251/
https:/
Executed test runs:
FAILURE: https:/
FAILURE: https:/
FAILURE: https:/
FAILURE: https:/
Click here to trigger a rebuild: /jenkins. canonical. com/server- team/job/ curtin- ci/251/ /rebuild
https:/