openstack/tripleo-heat-templates
Code Issues Proposed changes

Use '0' instead of root in container-puppet.py

Browse Source 
Even though the number of user lookups have been reduced from two to one
via https://github.com/containers/libpod/pull/1978, we still see the
following error from time to time:
time="2019-11-22T19:19:33Z" level=debug msg="ExitCode msg: \"unable to find user root: no matching entries in passwd file\""
time="2019-11-22T19:19:33Z" level=error msg="unable to find user root: no matching entries in passwd file"

The TLDR; is that podman/docker, when passed a --user=<name> parameter,
will parse the /etc/passwd file inside the container and detect the
uid/gid to switch to. The problem seems to be that sometimes this
/etc/passwd is either read as empty or non-existant when we try and
parse it (the root-cause of which is the real underlying bug).

Since it seems that root-causing this will take a rather large amount of
time, we can just pass the UID directly which will not fail when
the parsing code cannot find the specified user in /etc/passwd, as it
simply uses the provided UID:
https://github.com/containers/libpod/blob/master/vendor/github.com/opencontainers/runc/libcontainer/user/user.go#L333

Tested this by running a reproducer on three machines for a total
of ~800 runs and had 0 occurrences of this error. Previously I could
reproduce this issue in about 30 to 60 runs at most.

Related rhbz: 1776766
Related-Bug: #1803544

NB: Cherry-pick not 100% clean

Change-Id: Ia9860107c35e543a05775596076873ea950b7400
(cherry picked from commit 393e96b5b9)
This commit is contained in:
Michele Baldessari
2019-11-26 17:18:03 +01:00
parent 8002eb7df2
commit 871c1a3032
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
common/container-puppet.py
+6 -1
View File
@@ -307,7 +307,12 @@ def mp_puppet_config(*args):
pull_image(config_image)
common_dcmd = [cli_cmd, 'run',
'--user', 'root',
# Using '0' and not 'root' because it seems podman is susceptible to a race condition
# https://bugzilla.redhat.com/show_bug.cgi?id=1776766 and
# https://bugs.launchpad.net/tripleo/+bug/1803544 which are still lurking
# by using a UID we skip the code that parses /etc/passwd entirely and basically
# paper over this issue
'--user', '0',
'--name', uname,
'--env', 'PUPPET_TAGS=%s' % puppet_tags,
'--env', 'NAME=%s' % config_volume,