Initial metadata sync has bad permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Repository Cache Charm |
Fix Released
|
High
|
Haw Loeung | ||
ubuntu-repository-cache (Juju Charms Collection) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
It appears that the initial metadata sync has permissions that do not allow subsequent syncs to remove that initial tree, preventing the sync from finishing fully. I merged some of the upstream fixes into the IS maintained version of the charm last week and deployed it into a pair of test regions in AWS, both regions synced correctly on install and then failed to sync fully thereafter. Running:
sudo chown -R www-sync:www-data /srv/ubuntu-
On the u-r-c leader in both regions fixed the sync problems and they were able to sync correctly after that. It's possible this is fixed in the CPC branch in revisions later than the ones I merged into the IS branch, if so just let me know where and I'll pull that in until we can de-duplicate those branches.
Related branches
- Paul Collins: Approve (lgtm)
- Canonical IS Reviewers: Pending requested
-
Diff: 39 lines (+5/-3)1 file modifiedlib/ubuntu_repository_cache/metadata_sync.py (+5/-3)
- Paul Collins: Approve (lgtm)
- Canonical IS Reviewers: Pending requested
-
Diff: 39 lines (+5/-3)1 file modifiedlib/ubuntu_repository_cache/metadata_sync.py (+5/-3)
Changed in ubuntu-repository-cache: | |
status: | New → Confirmed |
Changed in ubuntu-repository-cache: | |
assignee: | nobody → Haw Loeung (hloeung) |
status: | Confirmed → In Progress |
Changed in ubuntu-repository-cache (Juju Charms Collection): | |
status: | New → Incomplete |
status: | Incomplete → Won't Fix |
Changed in ubuntu-repository-cache: | |
importance: | Undecided → High |
Changed in ubuntu-repository-cache: | |
status: | In Progress → Fix Committed |
Changed in ubuntu-repository-cache: | |
status: | Fix Committed → Fix Released |
The initial metadata sync is done within the context of a charm hook with nothing to modify the user performing the rsync call. As result, the rsync is performed by root, and the metadata files synced are owned by root.
The fix should be to perform the initial rsync as the 'www-sync' user.