When ODCS tries to create the images, its failing since runroot has no access to /srv/odcs
Ex: https://koji.fedoraproject.org/koji/taskinfo?taskID=43943458
GenericError: read-write mount point is not safe: /srv/odcs/odcs-1195
ASAP
From the irc stand up today
[14:18:53] <mboddu> nirik: Did you get a chance to look at https://paste.centos.org/view/ee67cf00 ? [14:19:00] »» mboddu is blocked by it [14:19:10] <nirik> no, whats that from? [14:19:50] <nirik> to make images via odcs? [14:19:52] <mboddu> nirik: Thats from nothing, its in my local diff - ^^ is to fix https://koji.fedoraproject.org/koji/taskinfo?taskID=43943458 ? [14:19:57] <mboddu> nirik: Right [14:20:57] <nirik> we need to check nfs export perms... and do we need to mount it on rootroot builders? [14:21:04] <nirik> I think yes [14:21:42] <mboddu> I think so [14:22:22] <nirik> I can do that... sometime. :) [14:22:30] <nirik> can you make a ticket on it to track the work for it? [14:23:24] <mboddu> nirik: Sure, I thought its an easy fix :) [14:24:19] <nirik> needs dealing with the export policy for that volume on the netapp, then making sure all the builders in run root channel also mount that volume rw, just like they do fedora_koji
Metadata Update from @pingou: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: groomed, medium-gain, medium-trouble
ok, /srv/odcs is now mounted on all the runroot group builders.
Push your changes whenever and we can test it.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
The odcs compose failed - task url. When I looked at how /srv/odcs is mounted on the builder, it's owned by some 64321 id
drwxrwx---. 8 64321 64321 53248 May 2 00:31 odcs
How to change this so that the dir is owned by root?
Metadata Update from @mohanboddu: - Issue status updated to: Open (was: Closed)
The 64321 UID is static odcs-server user UID I use across all the ODCS VMs accessing /srv/odcs. The question is what user in mock in the runroot task is used to access this directory.
odcs-server
/srv/odcs
This directory should not be owned by root, because that would prevent odcs-server user to access it. I presume myself that the user used in the runroot task is simply root and in this case, I think the NFS exports should be changed to map root user and allow it to generate any file on /srv/odcs. i think this is what's missing now.
root
It seems like runroot task is running with following id:
id
uid=0(root) gid=0(root) groups=0(root),425(mock)
@kevin, I think the export policy of NFS storage needs to be changed to map the root user.
I have changed the exports to no longer root squash. Please test.
I'm not sure if this fixed the issue. It seems it still cannot be mounted in the runroot: https://koji.fedoraproject.org/koji/taskinfo?taskID=44103626.
Is there some way to debug this further? Is the runroot.conf correct on builder handling this task?
There was a one letter mistake in the playbook so the mounted directory on all the servers is /src/odcs versus /srv/odcs. I have corrected the playbook but we need to unmount the old trees and clean up /etc/fstab on the servers.
This has been rolled out and should be 'fixed'.
Login to comment on this ticket.