Controllers report Ubuntu Core version in the Snap

Bug #1876217 reported by Lee Trager
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Medium
Lee Trager
snapd
Undecided
Unassigned

Bug Description

When region or rack controllers send what operating system they are on they are reporting the Ubuntu core version, not the operating system that is actually running.

LXD is able to get this information correctly when running in a Snap. I recently migrated the controller code to use the same LXD library to get OS information. MAAS is missing some Snap permission which the LXD has as the same code path is being used.

$ sudo curl -G --unix-socket "/var/snap/lxd/common/lxd/unix.socket" "lxd/1.0" 2>/dev/null | jq -r '.metadata.environment | .os_name + " " + .os_version'
Ubuntu 20.04

$ maas $PROFILE rack-controllers read | jq -r '.[] | .osystem + " " + .distro_series'
ubuntu-core 18

If an LXD Pod is added this causes the OS information to flip between the Ubuntu Core version the Snap uses and the Ubuntu version the OS is using as this information is refreshed for the controller and Pod.

Related branches

Lee Trager (ltrager)
description: updated
Alberto Donato (ack)
Changed in maas:
milestone: 2.8.0b3 → 2.8.0rc1
Lee Trager (ltrager)
description: updated
Revision history for this message
Lee Trager (ltrager) wrote :

Adding snapd as it appears LXD can get this information through a special permission to get host information. MAAS needs a simple interface which just gives read-only access to /etc/os-release on the host. This will help bring feature parity between the MAAS Debian package and Snap package.

Revision history for this message
Ian Johnson (anonymouse67) wrote :

Can MAAS just use /etc/lsb-release instead? That correctly identifies the host system with the hello-world snap:

$ snap run --shell hello-world
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

$ cat /etc/os-release
NAME="Ubuntu Core"
VERSION="16"
ID=ubuntu-core
PRETTY_NAME="Ubuntu Core 16"
VERSION_ID="16"
HOME_URL="http://www.snapcraft.io/"
BUG_REPORT_URL="http://bugs.launchpad.net/snappy/"
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04 LTS"

Changed in snapd:
status: New → Incomplete
Changed in maas:
assignee: nobody → Lee Trager (ltrager)
Revision history for this message
Lee Trager (ltrager) wrote :

MAAS is actually using LXD's library to get this information. I asked stgraber how this works on LXD and why LXD uses /etc/os-release.

<stgraber> lsb-release isn't available on all platforms IIRC
<stgraber> we get os-release just fine because the LXD snap has an alternative view of /etc where we have os-release point to /var/lib/snapd/host/etc/os-release
<ltrager> stgraber: ah so its some of the special permissions LXD has :)
<stgraber> yeah
<ltrager> stgraber: I supposed /etc/lsb-release is available where MAAS is running so it should be safe to use
<stgraber> of all the distros we test, only Ubuntu and Manjaro seem to have lsb-release
<stgraber> all others do not
<stgraber> https://paste.ubuntu.com/p/cP5rycYdq6/

I can use /etc/lsb-release for now but I'm wondering if snapd should pass /etc/os-release in the same way it does /etc/lsb-release as lsb-release is only available on Ubuntu and Manjaro.

[1] https://github.com/lxc/lxd/blob/master/shared/osarch/release.go

Lee Trager (ltrager)
Changed in maas:
status: Triaged → In Progress
Revision history for this message
Ian Johnson (anonymouse67) wrote :

If lsb-release is not available on all distros, perhaps maas could ask for system-files interface access to /var/lib/snapd/hostfs/etc/os-release ?

Revision history for this message
Alberto Donato (ack) wrote :

@Ian how do you do that? I tried the following in a test snap and it didn't work (after connecting the interface):

name: testsnap
version: "1.0"
summary: testsnap
description: testsnap
architectures:
  - amd64
base: core18
confinement: strict
grade: stable

plugs:
  read-system-os-release:
    interface: system-files
    read:
      - /var/lib/snapd/hostfs/etc/os-release

apps:
  testsnap:
    command: script
    plugs:
      - read-system-os-release

where "script" does the following:

#!/bin/bash

for file in /etc/os-release /var/lib/snapd/hostfs/etc/os-release; do
    echo "------- $file"
    cat "$file"
    echo "-------"
done

After connecting "testsnap:read-system-os-release" I still get:

$ testsnap
------- /etc/os-release
NAME="Ubuntu Core"
VERSION="18"
ID=ubuntu-core
PRETTY_NAME="Ubuntu Core 18"
VERSION_ID="18"
HOME_URL="https://snapcraft.io/"
BUG_REPORT_URL="http://bugs.launchpad.net/snappy/"
-------
------- /var/lib/snapd/hostfs/etc/os-release
cat: /var/lib/snapd/hostfs/etc/os-release: Permission denied
-------

Revision history for this message
Alberto Donato (ack) wrote :

So, the reason this doesn't work is that in ubuntu /etc/os-release is a symlink to /usr/lib/os-release.

So even using the hostfs trick won't really work across distributions in a reliable way.

Revision history for this message
Lee Trager (ltrager) wrote :
Alberto Donato (ack)
Changed in maas:
milestone: 2.8.0b4 → 2.8.0rc1
Changed in maas:
status: In Progress → Fix Committed
Revision history for this message
Michael Vogt (mvo) wrote :

The system-observer interface in snapd should allow reading /var/lib/snapd/hostfs/etc/os-release

Revision history for this message
Alberto Donato (ack) wrote :

@mvo it does, but unfortunately this still yields a permission denied since /etc/os-release on Ubuntu is a symlink and the target is not allowed:

root@maas:~# cat /var/lib/snapd/hostfs/etc/os-release
cat: /var/lib/snapd/hostfs/etc/os-release: Permission denied

root@maas:~# ls -la /var/lib/snapd/hostfs/etc/os-release
lrwxrwxrwx 1 root root 21 Jan 30 12:28 /var/lib/snapd/hostfs/etc/os-release -> ../usr/lib/os-release

root@maas:~# cat /var/lib/snapd/hostfs/usr/lib/os-release
cat: /var/lib/snapd/hostfs/usr/lib/os-release: Permission denied

Alberto Donato (ack)
Changed in maas:
status: Fix Committed → Fix Released
Changed in snapd:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers