inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

packetfence-tracking-config broken on fresh 12.2 install #7600

Open Yannik opened 1 year ago

Yannik commented 1 year ago

Hi all,

I installed a fresh packetfence 12.2 on debian bullseye. (Exact package version: 12.2.0+20230315071555+806841734+0011+maintenance~12~2+bullseye1)


I noticed that the packetfence-tracking-config service is failing:
Mär 19 00:47:34 packetfence systemd[1]: Starting PacketFence Configuration Change Tracking...
Mär 19 00:47:34 packetfence bash[63962]: On branch master
Mär 19 00:47:34 packetfence bash[63962]: Initial commit
Mär 19 00:47:34 packetfence bash[63962]: Untracked files:
Mär 19 00:47:34 packetfence bash[63962]:   (use "git add <file>..." to include in what will be committed)
Mär 19 00:47:34 packetfence bash[63962]:         .gitattributes
[...] all files in the /usr/local/pf/conf directory
Mär 19 00:47:34 packetfence bash[63962]:         vlan_filters.conf.defaults
Mär 19 00:47:34 packetfence bash[63962]:         vlan_filters.conf.example
Mär 19 00:47:34 packetfence bash[63962]: nothing added to commit but untracked files present (use "git add" to track)
Mär 19 00:47:34 packetfence systemd[1]: packetfence-tracking-config.service: Main process exited, code=exited, status=1/FAILURE
Mär 19 00:47:34 packetfence systemd[1]: packetfence-tracking-config.service: Failed with result 'exit-code'.

The service config looks like this:

root@packetfence:~# cat /lib/systemd/system/packetfence-tracking-config.service
[...]
WorkingDirectory=/usr/local/pf/conf
ExecStartPre=/bin/sh -c "if [ ! -d \"/usr/local/pf/conf/.git\" ]; then /usr/bin/git init /usr/local/pf/conf/;cd /usr/local/pf/conf/;/usr/bin/git add /usr/local/pf/conf/*;fi"
ExecStart=/bin/bash -c "/usr/bin/git -c user.name=\'PacketFence Tracking\' -c user.email=\'tracking@packetfence.org\' --git-dir=/usr/local/pf/conf/.git commit -a -m \"Commit `date +%%F-%%T`\""

So according to ExecStartPre, if /usr/local/pf/conf/.git does not exist, the files should be staged (git add), but this does not happen for some reason.

I dug through the journal and this is the output of the first run of ExecStartPre:

Mär 19 00:34:14 packetfence systemd[1]: Starting PacketFence Configuration Change Tracking...
Mär 19 00:34:15 packetfence sh[30212]: hint: Using 'master' as the name for the initial branch. This default branch name
Mär 19 00:34:15 packetfence sh[30212]: hint: is subject to change. To configure the initial branch name to use in all
Mär 19 00:34:15 packetfence sh[30212]: hint: of your new repositories, which will suppress this warning, call:
Mär 19 00:34:15 packetfence sh[30212]: hint:
Mär 19 00:34:15 packetfence sh[30212]: hint:         git config --global init.defaultBranch <name>
Mär 19 00:34:15 packetfence sh[30212]: hint:
Mär 19 00:34:15 packetfence sh[30212]: hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
Mär 19 00:34:15 packetfence sh[30212]: hint: 'development'. The just-created branch can be renamed via this command:
Mär 19 00:34:15 packetfence sh[30212]: hint:
Mär 19 00:34:15 packetfence sh[30212]: hint:         git branch -m <name>
Mär 19 00:34:15 packetfence sh[30212]: Initialized empty Git repository in /usr/local/pf/conf/.git/
Mär 19 00:34:15 packetfence sh[30217]: fatal: detected dubious ownership in repository at '/usr/local/pf/conf'
Mär 19 00:34:15 packetfence sh[30217]: To add an exception for this directory, call:
Mär 19 00:34:15 packetfence sh[30217]:         git config --global --add safe.directory /usr/local/pf/conf
Mär 19 00:34:15 packetfence systemd[1]: packetfence-tracking-config.service: Control process exited, code=exited, status=128/n/a

Due to this failure, the files are never staged.

The same "detected dubious ownership" error message is also displayed when running git status in /usr/local/pf/conf:

root@packetfence:/usr/local/pf/conf# git status
fatal: detected dubious ownership in repository at '/usr/local/pf/conf'
To add an exception for this directory, call:
    git config --global --add safe.directory /usr/local/pf/conf

In addition to this bug, it is also notable that new config files, if they are ever introduced, will not be added to git, because git commit -a only stages files that are already in git.

Best regards Yannik

chri2 commented 8 months ago

Working on 13.1.0, I found:

root@packetfence:/usr/local/pf/conf# git status
fatal: detected dubious ownership in repository at '/usr/local/pf/conf'
To add an exception for this directory, call:

    git config --global --add safe.directory /usr/local/pf/conf
root@packetfence:/usr/local/pf/logs# journalctl -t packetfence-tracking-config
-- Journal begins at Mon 2024-03-11 04:07:12 CET, ends at Fri 2024-03-15 09:30:01 CET. --
-- No entries --
root@packetfence:/usr/local/pf/logs# systemctl status packetfence-tracking-config.service 
● packetfence-tracking-config.service - PacketFence Configuration Change Tracking
     Loaded: loaded (/lib/systemd/system/packetfence-tracking-config.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2024-03-08 12:32:27 CET; 6 days ago
TriggeredBy: ● packetfence-tracking-config.path
       Docs: http://packetfence.org
    Process: 10370 ExecStartPre=/bin/sh -c if [ ! -d "/usr/local/pf/conf/.git" ]; then /usr/bin/git init /usr/local/pf/conf/;cd /usr/local/pf/conf/;/usr/bin/git add /usr/local/pf/conf/*;fi>
    Process: 10373 ExecStart=/bin/bash -c /usr/bin/git -c user.name='PacketFence Tracking' -c user.email='tracking@packetfence.org' --git-dir=/usr/local/pf/conf/.git commit -a -m "Commit `>
   Main PID: 10373 (code=exited, status=1/FAILURE)
        CPU: 5ms

Warning: journal has been rotated since unit was started, output may be incomplete.

To solve the problem I copied /lib/systemd/system/packetfence-tracking-config.service to /etc/systemd/system/ and changed it like this:

root@packetfence:/usr/local/pf/conf# diff -u /lib/systemd/system/packetfence-tracking-config.service /etc/systemd/system/packetfence-tracking-config.service 
--- /lib/systemd/system/packetfence-tracking-config.service 2024-02-05 01:03:17.000000000 +0100
+++ /etc/systemd/system/packetfence-tracking-config.service 2024-03-15 10:00:32.222113376 +0100
@@ -6,7 +6,7 @@
 [Service]
 Type=oneshot
 WorkingDirectory=/usr/local/pf/conf
-ExecStartPre=/bin/sh -c "if [ ! -d \"/usr/local/pf/conf/.git\" ]; then /usr/bin/git init /usr/local/pf/conf/;cd /usr/local/pf/conf/;/usr/bin/git add /usr/local/pf/conf/*;fi"
+ExecStartPre=/bin/sh -c "if [ ! -d \"/usr/local/pf/conf/.git\" ]; then /usr/bin/git init /usr/local/pf/conf/;git config --system --add safe.directory /usr/local/pf/conf;cd /usr/local/pf/conf/;rm .gitignore.example;echo .gitattributes >> .gitignore;/usr/bin/git add .gitignore /usr/local/pf/conf/*;fi"
 ExecStart=/bin/bash -c "/usr/bin/git -c user.name=\'PacketFence Tracking\' -c user.email=\'tracking@packetfence.org\' --git-dir=/usr/local/pf/conf/.git commit -a -m \"Commit `date +%%F-%%T`\""
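
Review bot: In the changed ExecStartPre line, `git config --system --add safe.directory /usr/local/pf/conf` sits inside the `[ ! -d "/usr/local/pf/conf/.git" ]` guard, so a host where an earlier run already created `.git` before `git add` failed never gets the exception or the initial staging unless `.git` is deleted by hand; registering the path and staging outside the guard would cover that case. `--add` also appends another entry to the system-wide git configuration every time the repository is re-initialised, so test for an existing entry first. The added `rm .gitignore.example` removes an existing file without explanation and prints an error when the file is absent; state why it is needed or drop it. The unchanged ExecStart context line still uses `commit -a`, which only picks up files that are already tracked, so config files created later remain untracked.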

I deleted /usr/local/pf/conf/.git so that the ExecStartPre condition would match again.

After systemctl daemon-reload and pfcmd service tracking-config restart:

root@packetfence:/usr/local/pf/conf# git status; git log
On branch master
nothing to commit, working tree clean
commit 7c7d0187502e12e6f3923ab878b22099f0f3ccee (HEAD -> master)
Author: PacketFence Tracking <tracking@packetfence.org>
Date:   Fri Mar 15 10:03:24 2024 +0100

    Commit 2024-03-15-10:03:24
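
A tracking step that handles both failure modes reported in this thread (the safe.directory refusal, and new files never being staged by `git commit -a`), as an added example that is not PacketFence's code and not part of either comment above. `track_conf` and its scope argument are hypothetical names; the commit identity and message format are the ones shown in the unit file.

```shell
#!/bin/sh
# Added example, not PacketFence code. track_conf is a hypothetical helper.
# Usage: track_conf <config-dir> [--system|--global]

track_conf() {
    dir=$1
    scope=${2:---system}   # --system needs root; --global is per-user

    # git honours safe.directory only from system/global config, and
    # "--add" appends blindly, so register the path only if it is missing.
    if ! git config "$scope" --get-all safe.directory 2>/dev/null \
            | grep -Fxq "$dir"; then
        git config "$scope" --add safe.directory "$dir" || return 1
    fi

    # Initialise on first use. Staging below is NOT tied to this branch,
    # so a repository left half-initialised by a failed run still recovers.
    [ -d "$dir/.git" ] || git init -q "$dir" || return 1

    # "add -A" stages new, modified and deleted files (dotfiles included),
    # unlike "commit -a", which only sees files that are already tracked.
    git -C "$dir" add -A || return 1

    # Nothing staged: succeed without committing, so the unit does not
    # end in status=1/FAILURE with "nothing added to commit".
    if git -C "$dir" diff --cached --quiet; then
        return 0
    fi

    git -C "$dir" \
        -c user.name='PacketFence Tracking' \
        -c user.email='tracking@packetfence.org' \
        commit -q -m "Commit $(date +%F-%T)"
}

# Run directly only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    track_conf "$@"
fi
```

Any failing git step makes the function return non-zero, so a oneshot unit calling it would still surface real errors in the journal.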
