search

iocage / iocage

A FreeBSD jail manager written in Python 3
Other
574 stars 132 forks source link

short uuids are not working reliably #210

Closed igalic closed 7 years ago

igalic commented 7 years ago

Right now (master / cd9464527b3876157461631ea7ac3c89382b4de2 ) iocage pkg some-template info will fail with the following message:

some-template not found!

I was wondering if it would make sense to transparently allow this subcommand on template type jails, and let it fail on its own merits…

skarekrow commented 7 years ago

That should be the behavior anyways, but that wouldn't make sense in this case. As the jail doesn't exist, so pkg has nothing to run inside.

igalic commented 7 years ago

the jail does exist!, well, as template…

skarekrow commented 7 years ago

Can you provide a full command output that I can see including creation showing that failure? If you can I'll reopen this as a bug

igalic commented 7 years ago

okay! let's start fresh:

~ # iocage destroy -f f11-ats6
f11-ats6 not found!
~ #

weird…

~ # iocage list -Ht
-       f946372e        down    f11-ats6        11.0-RELEASE    172.16.0.6
-       e27b37fe        down    f11-php71       11.0-RELEASE    172.16.0.4
-       6cfbc2fb        down    f11-puppet4     11.0-RELEASE    -
~ #

weird indeed, maybe the UUID will work?

~ # iocage destroy -f f946372e

yup… okay, let's start fresh: here's the pkglist JSON:

{
  "pkgs": [
    "puppet4",
    "trafficserver"
  ]
}

and go:

~ # iocage create --pkglist=pkgphp.json --release=11.0-RELEASE tag=f11-ats6 ip4_addr="vtnet0|172.16.0.6/12" template="yes"
2319532e-72b8-4227-a0d3-2e234109936b (f11-ats6) successfully created!
Testing SRV response to FreeBSD
Testing DNSSEC response to FreeBSD

Installing pkg... 
Installing supplied packages:
  - puppet4... 
===> Creating groups.
Creating group 'puppet' with gid '814'.
===> Creating users
Creating user 'puppet' with uid '814'.
Message from ruby-2.3.3_2,1:
====
Some of the standard commands are provided as separate ports for ease
of upgrading:

        devel/ruby-gems:        gem - RubyGems package manager
        devel/rubygem-rake:     rake - Ruby Make

And some of the standard libraries are provided as separate ports
since they require extra dependencies:

        databases/ruby-gdbm:    GDBM module

Install them as occasion demands.
====
Message from puppet4-4.9.4:
To enable the puppet agent, add the following to /etc/rc.conf:

        puppet_enable="YES"

To enable the puppetmaster, add the following to /etc/rc.conf:

        puppetmaster_enable="YES"

Individual config files such as /usr/local/etc/puppetmasterd.conf are
deprecated. Use a single file, /usr/local/etc/puppet/puppet.conf.

The default PID directory is /var/run/puppet
  - trafficserver... 
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
Message from ca_root_nss-3.31:
********************************* WARNING *********************************
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
Message from perl5-5.24.1:
The /usr/bin/perl symlink has been removed starting with Perl 5.20.
For shebangs, you should either use:

#!/usr/local/bin/perl

or

#!/usr/bin/env perl

The first one will only work if you have a /usr/local/bin/perl,
the second will work as long as perl is in PATH.
~ #

let's see:

~ # iocage list -Ht
-       2319532e        down    f11-ats6        11.0-RELEASE    172.16.0.6
-       e27b37fe        down    f11-php71       11.0-RELEASE    172.16.0.4
-       6cfbc2fb        down    f11-puppet4     11.0-RELEASE    -
~ #

cool, now let's look inside:

~ # iocage pkg f11-ats6 info
f11-ats6 not found!
~ #

maybe by uuid?

~ # iocage pkg 2319532e info
2319532e-72b8-4227-a0d3-2e234109936b (f11-ats6 (template)) is not running, starting jail
Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage/cli/pkg.py", line 38, in cli
    ioc.IOCage(jail).exec(cmd)
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/iocage.py", line 558, in exec
    silent=self.silent).exec_jail()
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/ioc_exec.py", line 82, in exec_jail
    "Please convert back to a jail before trying to start"
RuntimeError: Please convert back to a jail before trying to start 2319532e-72b8-4227-a0d3-2e234109936b (f11-ats6 (template))
~ #

okay, so that works

now let's create a new jail from that template:

~ # iocage create --template=f11-ats6 tag=cdn01 ip4_addr="vtnet0|172.16.0.8/12" ip6_addr="vtnet0|2a03:b0c0:3:d0::4c97:6008"
This may be a short UUID, template creation only supports TAGs

Proceed? [y/N]: ^CAborted!

i know what i'm doing:

~ # iocage create --force --template=f11-ats6 tag=cdn01 ip4_addr="vtnet0|172.16.0.8/12" ip6_addr="vtnet0|2a03:b0c0:3:d0::4c97:6008"
c14cf55b-8aa9-4fd7-a3b7-5956c78c1b31 (cdn01) successfully created!
~ # iocage pkg cdn01 info
c14cf55b-8aa9-4fd7-a3b7-5956c78c1b31 (cdn01) is not running, starting jail

Command output:
augeas-1.7.0                   Configuration editing tool
ca_root_nss-3.31               Root certificate bundle from the Mozilla Project
curl-7.54.1                    Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
dmidecode-3.0                  Tool for dumping DMI (SMBIOS) contents in human-readable format
hwloc-1.11.1                   Portable Hardware Locality software package
indexinfo-0.2.6                Utility to regenerate the GNU info page index
libedit-3.1.20150325_2,1       Command line editor library
libffi-3.2.1                   Foreign Function Interface
libnghttp2-1.21.0              HTTP/2.0 C Library
libpciaccess-0.13.4            Generic PCI access library
libxml2-2.9.4                  XML parser library for GNOME
libyaml-0.1.6_2                YAML 1.1 parser and emitter written in C
pciids-20170316                Database of all known IDs used in PCI devices
pcre-8.40                      Perl Compatible Regular Expressions library
perl5-5.24.1                   Practical Extraction and Report Language
pkg-1.10.1                     Package manager
puppet4-4.9.4                  Configuration management framework written in Ruby
readline-6.3.8                 Library for editing command lines as they are typed
ruby-2.3.3_2,1                 Object-oriented interpreted scripting language
ruby23-gems-2.6.12             Package management framework for the Ruby language
rubygem-facter-2.4.6           Cross-platform Ruby library for retrieving facts from OS
rubygem-hiera-3.3.1            Pluggable data store for hierarchical data
rubygem-json_pure-2.0.3        Parse JSON texts and generate them from ruby data structures in Ruby
rubygem-ruby-augeas-0.5.0_2    Ruby bindings for Augeas
sqlite3-3.17.0                 SQL database engine in a C library
tcl86-8.6.6_2                  Tool Command Language
trafficserver-6.2.0            Fast, scalable and extensible HTTP proxy server

this ⏫ whole scenario here leads me to conclude that the issue is related to however short-uuids are parsed.

skarekrow commented 7 years ago

Indeed, and man you really did go complete! Thanks!

igalic commented 7 years ago

We should possibly fix the title of the bug report then

igalic commented 7 years ago

This code needs to be replicated to destroy… or, abstracted:

~ # iocage list -t
+-----+----------+-------+--------------+--------------+-----------+
| JID |   UUID   | STATE |     TAG      |   RELEASE    |    IP4    |
+=====+==========+=======+==============+==============+===========+
| -   | 891c4be4 | down  | f11-apache24 | 11.0-RELEASE | 17.16.0.2 |
+-----+----------+-------+--------------+--------------+-----------+
~ # iocage destroy -f f11-apache24
f11-apache24 not found!
~ #
skarekrow commented 7 years ago

The code is already abstracted, but yes destroy doesn't fully utilize the API as it was done quite early in that process. I'll circle back and finish that up.