search

sul-dlss / preservation_robots

Robots for creating/updating Moabs for SDR objects, adding Moabs to the preservation_catalog, etc.
Other
0 stars 2 forks source link

Goobi writes files to /dor/assembly with permissions that don't allow transfer-object to work after switching to cp from shared mount #458

Closed jmartin-sul closed 1 year ago

jmartin-sul commented 1 year ago

Describe the bug

445 modified transfer-object to use cp from a shared mount instead of tarpipe to copy the bag from /dor/export/ (for use in building the new moab version later in the workflow).

for some reason, goobi seems to write files to /dor/assembly (?) in such a way that the copy operation from the shared mount fails, due to permissions.

User Impact this prevents the performance and maintainability improvement that is #445 from being deployed, or if it is, it prevents accessioning goobi objects from working without a workaround that involves manual file system permission twiddling.

To Reproduce Steps to reproduce the behavior:

  1. deploy pres robots #445
  2. run the goobi_accessioning_spec.rb in the infra integration tests
  3. profit

Expected behavior

445 works with all forms of accessioning with no manual intervention

Screenshots If applicable, add screenshots to help explain your problem.

Additional context

a bit of a placeholder, will fill in more info from debugging last week with @andrewjbtw.

not holding up weekly dep updates, because i re-did this week's tag to just point to last week's dep update tag. the only commits since that last dep update tag were a small dependency delta, and the transfer-object change that causes this bug.

NOTE: we think the issue is with the way goobi writes files, not pres robots, but this repo is as good a place as any for now to track the debugging.

andrewjbtw commented 1 year ago

The specific permissions that Goobi seems to be creating that cause problems are:

The problem seems to be that when preservation-robots goes to get the files, it's not able to go into the directory. The Preassembly-created permissions allow directory and file reads for all users and unless there's a goobi-specific concern, it seems like goobi should use those same settings.

jmartin-sul commented 1 year ago

didn't have a chance to get this fixed this week, so reverted the tarpipe -> cp change for now: https://github.com/sul-dlss/preservation_robots/pull/459

will revert the reversion once things are fixed.

kamchan commented 1 year ago

As a first pass at this, the default umask for the goobi user is set to 002 sets dirs to 775 drwxrwxr-x 2 goobi goobi and files to 664 -rw-rw-r-- 1 goobi goobi which is different (and is the desired permissions) than what Andrew mentioned for the /dor/export dir/files. Could intranda somehow specifically set those permissions differently?

jmartin-sul commented 1 year ago

this was fixed in stage with help from @kamchan and @skutsch. @kamchan says he'll apply the same changes on goobi-prod and goobi-proc-a.