[WIP] manifests/group: drop all group entries #1839

Closed
wants to merge 3 commits into from

@lucab lucab commented Jul 13, 2022

Do not merge: this is an experiment to check how the whole CI will react to an empty group file.

This translates all Fedora CoreOS system groups (i.e. those coming
from group manifest) into equivalent sysusers.d fragments.

We currently ship four kinds of system groups:
 * basic groups coming from the `/etc/group` file in the `setup`
   package (10-groups-basic.conf)
 * the legacy GID for the `nobody` group (00-group-nobody.conf)
 * extra groups with static GIDs that adhere to the Fedora
   allocation table (10-groups-static-extra.conf)
 * extra groups with static GIDs that are specific to CoreOS
   (00-groups-coreos-static.conf)

These sysusers.d fragments are meant as a transitory measure to
help migrate the existing group entries from the current nss-altfiles
setup to a plain sysusers.d world.

lucab commented Jul 13, 2022

An empty group manifest fails with:

```
[2022-07-13T07:33:53.310Z] error: While applying overrides for pkg util-linux: Could not find group 'tty' in group file
[...]
[2022-07-13T07:33:53.310Z] dnsmasq.prein: useradd: group '100' does not exist
[2022-07-13T07:33:53.310Z] dnsmasq.prein: useradd: the GROUP= configuration in /etc/default/useradd will be ignored
[2022-07-13T07:33:53.310Z] clevis.prein: useradd: group '100' does not exist
[2022-07-13T07:33:53.310Z] clevis.prein: useradd: the GROUP= configuration in /etc/default/useradd will be ignored
```


lucab commented Jul 14, 2022

With a minimal amount of group entries the compose managed to finish, but then the CI fails this way:

```
[   20.992422] ignition[833]: DEBUG    : files: ensureUsers: op(1): executing: "useradd" "--root" "/sysroot" "--create-home" "--password" "*" "--comment" "CoreOS Admin" "--groups" "adm,sudo,systemd-journal,wheel" "core"
[   20.998270] ignition[833]: CRITICAL : files: ensureUsers: op(1): [failed]   creating or modifying user "core": exit status 6:
Cmd: "useradd" "--root" "/sysroot" "--create-home" "--password" "*" "--comment" "CoreOS Admin" "--groups" "adm,sudo,systemd-journal,wheel" "core"
Stdout: ""
Stderr: "useradd: group 'adm' does not exist\nuseradd: group 'sudo' does not exist\nuseradd: group 'systemd-journal' does not exist\nuseradd: group 'wheel' does not exist\n"
```

I think I've reached the point where I need to land something like coreos/ignition#1153 or #774 before being able to pull off all the nss-altfiles bandaids.
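
An added example, not part of this PR or the project's code: a pre-flight check that reports which supplementary groups from a `useradd --groups` list are absent from a set of group files, which is the condition behind the exit status 6 failure in the Ignition log above. The function names, the file paths and the sample group file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code): find supplementary groups that a
# "useradd --groups ..." call would reject because no group database has them.

# missing_groups "g1,g2,..." GROUPFILE [GROUPFILE...]
# Prints a comma-separated list of the requested groups found in none of the
# given files (empty line if all are present). Unreadable files are skipped,
# so both /etc/group and an nss-altfiles copy can be passed unconditionally.
missing_groups() {
    wanted=$1
    shift
    missing=""
    for g in $(printf '%s' "$wanted" | tr ',' ' '); do
        found=no
        for db in "$@"; do
            [ -r "$db" ] || continue
            # group(5) format: name:password:GID:member-list
            if awk -F: -v n="$g" '$1 == n { hit = 1 } END { exit !hit }' "$db"; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || missing="${missing:+$missing,}$g"
    done
    printf '%s\n' "$missing"
}

# Demonstration on a constructed, pared-down group file. The GIDs below are
# sample values, not taken from the PR.
demo_minimal_group_file() {
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'tty:x:5:' 'wheel:x:10:' > "$tmp/group"
    # Group list copied from the useradd command in the Ignition log above;
    # the second path does not exist and stands in for an absent altfiles copy.
    missing_groups "adm,sudo,systemd-journal,wheel" "$tmp/group" "$tmp/lib-group"
    rm -rf "$tmp"
}

demo_minimal_group_file
```
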

@lucab lucab closed this Aug 9, 2022