FAI 5.0.3 Debian jessie: ftar ACL bug?
Alexander Bugl
alexander.bugl at mpimet.mpg.de
Tue May 10 20:16:24 CEST 2016
Hi,
some time ago we started with a jessie FAI server with jessie included FAI
packages. Later we added the fai-project.org repository and rebuilt the
NFSROOT. Currently we use:
Package: fai-server
Version: 5.0.3
We had to update our config space to the new version and are mostly done, but
one problem still is open:
When installing a client we saw a problem with systemd complaining about sssd
(System Security Services Daemon), there were missing rights in
/var/lib/sss/pipes/
After some investigation we saw that there has been set a default ACL on
_every_ directory in the installed clients -- removing this default ACL
(setfacl -k) made sssd working again.
We did not really find why there are ACLs set -- they are created during the
run of task_extrbase() from the file /srv/fai/nfsroot/usr/lib/fai/subroutines.
In this function there is a call to ftar, and it looks like ftar became a new
feature -- the use of xattrs.
So if we patch the ftar in the NFSROOT to explicitly _not_ use ACLs,
everything is working again:
# diff /srv/fai/nfsroot/usr/sbin/ftar /srv/fai/nfsroot/usr/sbin/ftar.defect
116c116
< xattrs="--xattrs --xattrs-include=*.* --selinux --no-acls"
---
> xattrs="--xattrs --xattrs-include=*.* --selinux --acl"
Is this a bug in ftar, is this a feature we need but which needs some
adaptation in our config space (or in /etc/fai?), is this a problem in
creating the bast.tar.xz, or has someone else a good idea how to proceed?
Our current solution would be to patch the ftar in the NFSROOT through a hook
in /etc/fai/nfsroot-hooks/, but that seems not the best possible solution ...
With regards, Alex
--
Alexander Bugl, Central IT Services
Max Planck Institute for Meteorology
Bundesstrasse 53, D-20146 Hamburg, Germany
tel +49-40-41173-351, fax -298, room d0010
More information about the linux-fai
mailing list