New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ceph.spec.in: fix handling of /var/run/ceph #3916
Conversation
SUCCESS: the output of run-make-check.sh on centos-7 for a1cff47 is http://paste2.org/PXnYpf56 |
about the commit message: "...gain the ability to automatically the permissions ..." there seems to be a word missing (e.g. "... automatically set the permissions ...") |
9c6bece
to
54fd4c2
Compare
Great catch, thanks. I've changed "automatically the permissions" to "automatically set the permissions". |
SUCCESS: the output of run-make-check.sh on centos-7 for ba836ef is http://paste2.org/c0w7yDfU |
54fd4c2
to
f4b4131
Compare
SUCCESS: the output of run-make-check.sh on centos-7 for f00b84e is http://paste2.org/NhzZmULe |
Still not sure if this is the right way to do it. It's for example handled differently in openSUSE: https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Creating_files_.2F_subdirectories_in_.2Fvar.2Frun_and_.2Frun The SUSE Ceph package still uses in the %install dir: %if 0%{?suse_version} >= 1310 and in %files: %if 0%{?suse_version} < 1310 https://build.opensuse.org/package/view_file/filesystems:ceph/ceph/ceph.spec?expand=1 |
Thanks for the links. I see now that I did not catch up with the latest information regarding systemd here. On older systems that don't have systemd (ie. RHEL 6), @dalgaaf , how does that sound? |
I still wonder what the actual problem with the |
The problem with So the immediate issue is for RGW, and from what Sage has said, there's also work in progress to make Ceph itself run as a non-root user too. Since we want Ceph (and RGW) to eventually stop running as root, it makes sense for us to stop using Regarding your question of how other daemons do this, I checked the
There's no On RHEL 7, the mariadb package has
If this sounds good to you, I can re-work this pull request to include the tmpfiles.d snippet on distros with systemd in addition to removing the |
I guess for now we can leave systemd out of the picture, we don't even package systemd atm to rpm. I take a separate look into it, we have to check which Fedora/SUSE products already use systemd. Go ahead with the patch, but may use %attr(0755,root,root) %dir %{_localstatedir}/run/ceph. I will merge it then. |
Thanks Danny! new patch coming up. |
Prior to this commit, we didn't install /var/run/ceph as a normal directory. We used the %ghost directive and created the directory with a "mkdir" command in %post. This was lacking in several ways: 1) Simplicy: there is no need to use %ghost; other packages (eg. mariadb) simply use a normal %dir for their socket directory. 2) RPM does not have control over the permissions of the /var/run/ceph directory. This does not interact well with "rpm -V". Moreover, once Ceph itself gets unprivileged user support, RPM itself won't be able to set the permissions of the directory for a (future) unprivileged UID. 3) On distributions that use systemd as an init system, /var/run is a symlink to /run, which is tmpfs. This means that /var/run/ceph does not persist across reboots on those systems. Remove the %ghost directive; it makes more sense for RPM to simply install this directory like the rest of the %files. Add a "_with_systemd" conditional so we know which distros use systemd as their init system. Add the /etc/tmpfiles.d/ceph.conf file on those distros. See http://www.freedesktop.org/software/systemd/man/tmpfiles.d.html Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
f4b4131
to
71a5090
Compare
SUCCESS: the output of run-make-check.sh on centos-7 for 110d87e is http://paste2.org/DXw7jzH4 |
ceph.spec.in: fix handling of /var/run/ceph Reviewed-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
welp, this broke master. The fix is in #4181 |
We want the RPM to install this.
%ghost
won't actually install it.The purpose of this change is 1) simplicity and 2) gain the ability to automatically the permissions of the directory once Ceph gains unprivileged user support.
CC'ing @BRANTO1 for review.