fai-setup running potentially disastrous command?

Ryan Steele ryans at aweber.com
Thu Sep 25 22:16:36 CEST 2008 

Ryan Steele wrote:
> Hey list,
>
> I was in the middle of testing an FAI install today, and had to re-run 
> 'fai-setup -v'.  However, I noticed that it was taking a long, long 
> time to delete the old nfsroot, and noticed something extremely 
> alarming.  The nfsroot is located at '/srv/fai/nfsroot', as defined in 
> make-fai-nfsroot.conf:
>
> NFSROOT=/srv/fai/nfsroot
>
> And, the mount point for the mirror is defined as /media/mirror in 
> fai.conf:
>
> MNTPOINT=/media/mirror
>
> However, I noticed that this appears to be relative to 
> /srv/fai/nfsroot/live/filesystem.dir:
>
> root at faimaster:~# mount | grep nfsroot
> remotenfshost:/path/to/repo on 
> /srv/fai/nfsroot/live/filesystem.dir/media/mirror type nfs 
> (rw,remount,noatime,rsize=8192,addr=10.x.x.x)
>
> When running 'fai-setup -v', it detected that there was an existing 
> nfsroot, and it went to delete that, but disturbingly, it did so with 
> the following command:
>
> root     27858  0.7  0.1   2952   660 pts/0    S+   18:48   0:04 rm 
> -rf /srv/fai/nfsroot/.??* /srv/fai/nfsroot/live
>
> Correct me if I'm wrong, but doesn't this mean that the mirror located 
> at /srv/fai/nfsroot/live/filesystem.dir/media/mirror is going to be 
> blown away if it was mounted rw, as seen above?  I happened to catch 
> this, but I'm not sure all what was lost yet.  This was using FAI 3.2.8.
>
In fact, it had started deleting the local mirror, which had been 
mounted via NFS.  It's not catastrophic, since I can rebuild it with 
debmirror, but why would make-nfs-root (called via fai-setup) not 
unmount that NFS mirror before executing an 'rm -rf' in an attempt to 
get rid of the old nfsroot?  I've decided to do away with NFS-mounting 
the mirror and do it over HTTP instead to eliminate the possibility of 
another bad experience, but this seems like a glaring flaw unless I'm 
very mistaken.  The offending code from make-fai-nfsroot is:

if [ -d $NFSROOT/proc -a ! "$recover" ]
then
    echo $NFSROOT already exists. Removing $NFSROOT
    umount $NFSROOT/dev/pts 1>/dev/null 2>&1 || true
    [ -L $NFSROOT/proc/self ] && umount $NFSROOT/proc || true
    [ -L $NFSROOT/proc/self ] && die "/proc is still mounted inside the 
nfsroot."
    rm -rf $oldnfsroot/.??* $oldnfsroot/*
    # also remove files $NFSROOT/.? but not . and ..
    find $oldnfsroot -xdev -maxdepth 1 ! -type d | xargs -r rm -f
fi

More information about the linux-fai mailing list