Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1557356
Summary: | etcd.service fails to start: missing system user and rpm scripts | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Pazdziora <jpazdziora> |
Component: | etcd | Assignee: | Jan Chaloupka <jchaloup> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | gscrivan, jcajka, jchaloup, jpazdziora, lacypret, lemenkov, mpitt |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | etcd-3.2.16-2.fc27 etcd-3.2.16-2.fc28 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-16 19:31:48 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jan Pazdziora
2018-03-16 13:26:31 UTC
I am not able to reproduce it with etcd-3.2.16-1.fc28.x86_64 nor with etcd-3.2.16-1.fc29.x86_64 on my f24 local machine. Can you provide output of journalctl -xeu etcd.service ? This is trivial to reproduce on a freshly installed Fedora 28, I see it in our new Cockpit test images, too. The error is simply this: # journalctl -ocat -b -u etcd Starting Etcd Server... etcd.service: Failed to determine user credentials: No such process etcd.service: Failed at step USER spawning /bin/bash: No such process etcd.service: Main process exited, code=exited, status=217/USER # getent passwd etcd # On Fedora-27, the "etcd" system user gets created by the %post script: # rpm -q --scripts etcd preinstall scriptlet (using /bin/sh): getent group etcd >/dev/null || groupadd -r etcd getent passwd etcd >/dev/null || useradd -r -g etcd -d /var/lib/etcd \ -s /sbin/nologin -c "etcd user" etcd Whereas in Fedora 28 it seems to have lost all of its scripts: # rpm -q --scripts etcd I played around with this a bit. In particular whether the %pre script could be avoided with `DynamicUser=yes`, but that also seems to fail: audit[2647]: AVC avc: denied { write } for pid=2647 comm="(bash)" name=".pwd.lock" dev="dm-0" ino=4226691 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=0 etcd.service: Failed to update dynamic user credentials: Permission denied So this is a bug in Fedora 28 that breaks DynamicUser= in general. However, after `setenforce 0` starting etcd just hangs completely, and so does `getent passwd etcd`. So perhaps let's not get too fancy just yet :) (I'll file a separate bug about this). I ran the groupadd/useradd commands manually, and now it gets a little further, but still fails: cannot access data directory: mkdir /var/lib/etcd/default.etcd: permission denied which isn't too surprising as the directory is owned by root: # ls -ld /var/lib/etcd/ drwxr-xr-x. 2 root root 6 9. Mär 15:56 /var/lib/etcd/ In Fedora 27 there is no chown/chmod in the %pre or %post scripts, so I wonder how that worked there. What works is to not ship /var/lib/etcd/ in the rpm, and let systemd create it with correct ownership at startup: [Service] StateDirectory=etcd etcd-3.2.16-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-d9254d3db6 etcd-3.2.16-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-713528f10c etcd-3.2.16-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-713528f10c etcd-3.2.16-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-d9254d3db6 Confirming that on current F28 etcd.service starts correctly. Thanks! etcd-3.2.16-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. etcd-3.2.16-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |