Open dohq opened 5 years ago
Hi!
I have not personally seen this, but I don't know that I've used the UAA ruby CLI since we switched to Xenial. What happens if you redeploy on an Ubuntu Trusty stemcell?
oops!
I totally thought default installed uaac cli.
I manually installed cf-uaac ago...
sorry.
but I think that it is also a problem that the apt
command can not be executed.
Should I create another issue?
thanks.
I have no idea what's wrong with apt
.
Can you provide more information about stemcell version / APT repository configuration? I'll see if I can reproduce this issue.
(we can keep using this GH issue; i'll retitle it)
Thankyou fo reply. ok, I use version
stemcell
bosh-aws-xen-hvm-ubuntu-xenial-go_agent 170.19
and apt repositoty source
$ cat /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu xenial main universe multiverse
deb http://archive.ubuntu.com/ubuntu xenial-updates main universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main universe multiverse
My first use create-env jumpbox-boshrelease version is v4.4.5. after that updating 4.4.6 -> 4.5.0
Let me know if we can give you any other information.
Deploying 4.5.0 directly, I get the following:
# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial InRelease [17.5 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:5 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [600 kB]
Get:6 http://security.ubuntu.com/ubuntu xenial-security/main Translation-en [249 kB]
Get:7 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [415 kB]
Get:8 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [163 kB]
Get:9 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial/main amd64 Packages [6,648 B]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [902 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/main Translation-en [365 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [719 kB]
Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [295 kB]
Fetched 3,948 kB in 2s (1,570 kB/s)
Reading package lists... Done
# apt install libyaml-2-0
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libyaml-2-0
I trying install is libyaml-0-2
sorry I missed package name.
but apt-get update
output diffarent my jumpbox...
jumpbox# apt update
Get:1 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial InRelease [17.5 kB]
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://ppa.launchpad.net/adiscon/v8-stable/ubuntu xenial/main amd64 Packages [6,648 B]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [902 kB]
Get:7 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [600 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [720 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [295 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [16.6 kB]
Get:11 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [415 kB]
Get:12 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [163 kB]
Get:13 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [5,600 B]
Get:14 http://security.ubuntu.com/ubuntu xenial-security/multiverse Translation-en [2,676 B]
Fetched 3,363 kB in 3s (841 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
13 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: No sandbox user '_apt' on the system, can not drop privileges
W: No sandbox user '_apt' on the system, can not drop privileges
Hmm...
I don't believe that the _apt
sandbox user warning is the issue here; it's just a warning, and there's another error about statoverrides in the original post. Also see https://askubuntu.com/questions/882039/no-sandbox-user-apt-on-the-system-can-not-drop-privileges
Some digging around on the 'net makes it sound like something was installed, in the past, that references a user that has since been removed from /etc/passwd
.
From my fresh 4.5.0 jumpbox, I get this:
[13:44:09] bosh_696c4995e6ef487@jumpbox ~
$ id messagebus
uid=106(messagebus) gid=110(messagebus) groups=110(messagebus)
Looking for any files owned by UID 106 nets me this:
[13:44:24] bosh_696c4995e6ef487@jumpbox ~
$ sudo find / -uid 106 2>/dev/null
/proc/507
/proc/507/task
/proc/507/task/507
/proc/507/task/507/net
/proc/507/task/507/attr
/proc/507/task/507/attr/selinux
/proc/507/task/507/attr/smack
/proc/507/task/507/attr/apparmor
/proc/507/net
/proc/507/attr
/proc/507/attr/selinux
/proc/507/attr/smack
/proc/507/attr/apparmor
And finally, checking the process table for PID 507 (using the '[p]id trick'):
[13:45:20] bosh_696c4995e6ef487@jumpbox ~
$ ps -ef | grep ' [5]07 '
message+ 507 1 0 Jan22 ? 00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
Which makes sense; dbus is the message bus, so it's user should be messagebus.
A few questions:
1) Do you have a dbus-daemon
process on your system, and if so, what is its effective UID?
2) Do you have a messagebus
user in /etc/passwd? Feel free to post id messagebus
and getent passwd messagebus
output, it's safe.
3) Do you have this issue if you install a fresh 4.4.x jumpbox deployment, and then upgrade immediately to 4.5.x?
Thnkyou for reply. I will try that this weekend.
Sorry very very late for reply...
From then on 4.4 → 4.5, I tried as much as I can think of, but did not reproduce. . . Perhaps there was a problem with my operation. You can close this issue once. I am sorry for taking the trouble.
No worries. Glad the update worked out for you!
More details on the issue. On boxes upgraded from Trusty to Xenial, packages installed via trusty may not correctly work on Xenial. Trying to install new packages (or replace missing packages) fails. This is often noticed when trying to Ruby after libyaml goes missing and RVM can't apt install
it again but happens for any package, for example nmap
.
# apt install nmap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libblas-common libblas3 liblinear3 liblua5.2-0 lua-lpeg ndiff python-bs4 python-chardet python-html5lib python-lxml python-six
Suggested packages:
liblinear-tools liblinear-dev python-genshi python-lxml-dbg python-lxml-doc
The following NEW packages will be installed:
libblas-common libblas3 liblinear3 liblua5.2-0 lua-lpeg ndiff nmap python-bs4 python-chardet python-html5lib python-lxml python-six
0 upgraded, 12 newly installed, 0 to remove and 0 not upgraded.
Need to get 6,056 kB of archives.
After this operation, 27.2 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 libblas-common amd64 3.6.0-2ubuntu2 [5,342 B]
Get:2 http://archive.ubuntu.com/ubuntu xenial/main amd64 libblas3 amd64 3.6.0-2ubuntu2 [147 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial/main amd64 liblinear3 amd64 2.1.0+dfsg-1 [39.3 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 liblua5.2-0 amd64 5.2.4-1ubuntu1 [106 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial/main amd64 lua-lpeg amd64 0.12.2-1 [28.3 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial/main amd64 python-bs4 all 4.4.1-1 [64.2 kB]
Get:7 http://archive.ubuntu.com/ubuntu xenial/main amd64 python-chardet all 2.3.0-2 [96.3 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial/main amd64 python-six all 1.10.0-3 [10.9 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial/main amd64 python-html5lib all 0.999-4 [83.1 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python-lxml amd64 3.5.0-1ubuntu0.1 [818 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial/main amd64 ndiff all 7.01-2ubuntu2 [20.1 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial/main amd64 nmap amd64 7.01-2ubuntu2 [4,638 kB]
Fetched 6,056 kB in 2min 3s (49.1 kB/s)
dpkg: unrecoverable fatal error, aborting:
unknown group 'messagebus' in statoverride file
W: No sandbox user '_apt' on the system, can not drop privileges
E: Sub-process /usr/bin/dpkg returned an error code (2)
==[]=[ 14:37:09 ]=[ jumpbox/1 ]=[ ~ ]=[]==
#
This issue is something removed messagebus and _apt users and groups from the /etc/passwd
and /etc/group
files. apt install can be fixed by properly determining the UID and GID of messagebus and adding it back
# ps auwwx |grep [d]bus
106 522 0.0 0.0 42888 3784 ? Ss Sep13 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
==[]=[ 14:38:41 ]=[jumpbox/1 ]=[ ~ ]=[]==
#
# cat /var/lib/dpkg/statoverride
root crontab 2755 /usr/bin/crontab
root messagebus 4754 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
==[]=[ 14:41:52 ]=[jumpbox/1 ]=[ ~ ]=[]==
# ls -la /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwxr-xr-- 1 root 110 42992 Jun 10 19:46 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
==[]=[ 14:41:58 ]=[jumpbox/1 ]=[ ~ ]=[]==
#
Then run
addgroup --system -gid 110 messagebus
Adding group `messagebus' (GID 110) ...
Done
adduser --system --uid 106 --gid 110 --home /var/run/dbus messagebus
Adding system user `messagebus' (UID 106) ...
Adding new user `messagebus' (UID 106) with group `messagebus' ...
adduser --force-badname --system --home /nonexistent --no-create-home --quiet _apt || true
Apt installs will work for a while, but some process will remove the messagebus and _apt again.
If you try and create the messagebus user with a different UID/GID then originally used, the jumpbox will have permission issues on reboot and can no longer boot.
Does not seem to happen to Jumpboxes created on Xenial, just upgraded from Trusty.
my workarround is to just remove the line
root messagebus 4754 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
from /var/lib/dpkg/statoverride
as stated in https://askubuntu.com/a/522241
Hi Thanks for great job. I updated v4.4.6 to v4.5.0 but use
uaac
comannd return Error message.I think was the need libyaml-2-0 package.
sudo apt install libyaml-2-0
but return new error
Have you noticed the cause?
sorry my poor engilish.
thanks