Hi, thank you for the suggestion and the postinstall template.
We are doing similar things with slurm/munge and others to ensure that we've got the same uid/gid on every node, using ansible in a chroot context.

I don't want to freeze every system uid/gid. I think I'll shrink my pkglist to the absolutely strict necessary and do most of my package installation in the chroot context, without using --installroot.

Jean-Baptiste

On 7/15/20 5:55 AM, Carl wrote:
> Hi,
>
> Chrony seems to pick up the correct file ownership for our environment,
> so I can't really comment on where it might be going wrong for you.
>
> However, I can provide a workaround. The code below is based on the
> compute.postinstall template and what we use to set up SLURM. So it
> would be trivial to adapt to your situation.
>
> Cheers,
>
> Carl.
>
> ----
> #
>
> installroot=$1
> osver=$2
> arch=$3
> profile=$4
> workdir=$5
>
> # Create the munge user and group
> cat << EOF | chroot $installroot
> /usr/sbin/groupadd -r -g 900 munge
> /usr/sbin/useradd -r -u 900 -g munge -d /var/run/munge -s /sbin/nologin -c "Runs Uid 'N' Gid Emporium" munge
> /usr/sbin/groupadd -r -g 901 slurm
> /usr/sbin/useradd -r -u 901 -g slurm -d /var/run/slurm -s /sbin/nologin -c "SLURM resource manager" slurm
> EOF
>
> # Install munge
> /usr/bin/yum --installroot=$installroot -y localinstall /install/post/otherpkgs/centos7/x86_64/munge*
> /usr/bin/rsync -a /etc/munge $installroot/etc/
>
> # Setup slurmd
> cp -f /usr/local/src/SLURM/current/etc/slurmd.service $installroot/usr/lib/systemd/system/
>
> # Enable munge and slurm services to start on boot
> cat << EOF | chroot $installroot
> /usr/bin/systemctl enable munge
> /usr/bin/systemctl enable slurmd
> EOF
> ----
>
> On Wed, 15 Jul 2020 at 01:06, Jean-Baptiste Denis <jbde...@pasteur.fr> wrote:
>>
>> Tedious indeed.
>> Here is the list of users with different uid/gid between
>> xcat server and my stateless image:
>>
>> # join -j 1 <(awk -F: '{print $1" "$3":"$4}' /install/image/netboot/cpu/netboot-cpu-centos8.1/img/rootimg/etc/passwd|sort) <(awk -F: '{print $1" "$3":"$4}' /etc/passwd | sort) | column -t | awk '{ if ($2!=$3) { print $0} }'
>> chrony   994:990  995:992
>> pcp      997:994  400:399
>> polkitd  998:995  998:996
>> sssd     995:991  996:993
>> unbound  996:993  997:995
>>
>> I need to think about the best way to handle this. I can't say if there is a
>> solution on the xcat side though, aside of not using yum --installroot and
>> run yum in the chroot context ?
>>
>> Jean-Baptiste
>>
>> On 7/14/20 1:15 PM, Jean-Baptiste Denis wrote:
>>> Details here:
>>>
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1718146
>>> https://github.com/rpm-software-management/rpm/issues/882
>>>
>>> I was not aware of this behavior, but it makes sense.
>>>
>>> The only viable solution seems to be to remove all the xcat pkglist packages
>>> that are creating users and directories during installation. That's doable,
>>> but it's quite tedious.
>>>
>>> Jean-Baptiste
>>>
>>> On 7/14/20 1:01 PM, Jean-Baptiste Denis wrote:
>>>> In fact, I can reproduce the problem only using yum:
>>>>
>>>> $ yum --installroot /tmp/chronytest install chrony
>>>>
>>>> The resulting /tmp/chronytest/var/lib/chrony has the uid/gid of the chrony
>>>> user of /etc/passwd, not /tmp/chronytest/etc/passwd.
>>>>
>>>> Jean-Baptiste
>>>>
>>>> On 7/14/20 12:41 PM, Jean-Baptiste Denis wrote:
>>>>> Hello,
>>>>>
>>>>> I've got a problem regarding some uid inside a stateless image.
>>>>>
>>>>> I've got my xcat server with chrony installed:
>>>>>
>>>>> $ grep chrony /etc/passwd
>>>>> chrony:x:995:992::/var/lib/chrony:/sbin/nologin
>>>>>
>>>>> The chrony user has uid 995 and gid 992 on the xcat server.
>>>>>
>>>>> Inside the stateless image, just after the genimage (chrony is installed
>>>>> using a pkglist), the chrony user has uid 994 and gid 990:
>>>>>
>>>>> $ grep chrony /install/image/netboot/cpu/netboot-cpu-centos8.1/img/rootimg/etc/passwd
>>>>> chrony:x:994:990::/var/lib/chrony:/sbin/nologin
>>>>>
>>>>> The problem is that the chrony package installation is creating a
>>>>> /var/lib/chrony directory in the rootimg directory using the chrony user
>>>>> from the xcat host and not the one from the image:
>>>>>
>>>>> $ ls -nd /install/image/netboot/cpu/netboot-cpu-centos8.1/img/rootimg/var/lib/chrony/
>>>>> drwxr-xr-x 2 995 992 6 Nov 19 2019 /install/image/netboot/cpu/netboot-cpu-centos8.1/img/rootimg/var/lib/chrony/
>>>>>
>>>>> It should be 994:990.
>>>>>
>>>>> This is problematic, because when I boot on the image, the
>>>>> /var/lib/chrony directory owner is 'sssd' and group is
>>>>> 'systemd-coredump'. I've only spotted this specific problem, but it could
>>>>> potentially concern other users/groups. I'd rather not just 'fix' the
>>>>> owner/group of this directory. One solution could be to remove all
>>>>> packages that create users from the pkglist and install them after
>>>>> directory in the chroot.
>>>>>
>>>>> It seems to me quite difficult to synchronize *system* user/group on the
>>>>> xcat server and within the images. It basically depends on the package
>>>>> order installation.
>>>>>
>>>>> So I was wondering if I was doing something wrong here ? Maybe I missed
>>>>> something.
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Jean-Baptiste
>>>>>
>>>>> _______________________________________________
>>>>> xCAT-user mailing list
>>>>> xCAT-user@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/xcat-user
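
Added example, not part of the original thread or of xCAT: a shell helper that extends the passwd comparison in the thread to the files themselves, listing paths under a rootimg whose numeric owner or group equals the build host's id for an account that has a different id inside the image. The function names are hypothetical; it assumes a `stat` that supports `-c` (GNU or BusyBox) and that such an id was resolved against the host's accounts, as the thread describes for /var/lib/chrony.

```shell
#!/bin/sh
# Added example (not from the thread): find files under an image root whose
# numeric owner/group is the build host's id for an account that has a
# different id inside the image.

# id_remap HOST_DB IMAGE_DB
# Works on passwd and group files alike (name in field 1, id in field 3).
# Prints "host_id image_id name" for each name whose id differs.
id_remap() {
    awk -F: 'NR == FNR { host[$1] = $3; next }
             ($1 in host) && host[$1] != $3 { print host[$1], $3, $1 }' "$1" "$2"
}

# ownership_fixes ROOTIMG [HOST_ETC]
# Prints "uid:gid path" with the ids the image expects for each candidate.
# Assumption: an on-disk id equal to a mismatched host id was resolved on the
# host. Review the list before any chown; paths with newlines are not handled.
ownership_fixes() {
    root=$1
    host_etc=${2:-/etc}
    umap=$(id_remap "$host_etc/passwd" "$root/etc/passwd")
    gmap=$(id_remap "$host_etc/group" "$root/etc/group")
    find "$root" -xdev -exec stat -c '%u %g %n' {} + |
    UMAP="$umap" GMAP="$gmap" awk '
        BEGIN {
            n = split(ENVIRON["UMAP"], rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, " "); u[f[1]] = f[2] }
            n = split(ENVIRON["GMAP"], rows, "\n")
            for (i = 1; i <= n; i++) { split(rows[i], f, " "); g[f[1]] = f[2] }
        }
        {
            uid = $1; gid = $2
            nu = (uid in u) ? u[uid] : uid
            ng = (gid in g) ? g[gid] : gid
            sub(/^[0-9]+ [0-9]+ /, "")   # leave only the path in $0
            if (nu != uid || ng != gid) print nu ":" ng, $0
        }'
}
```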