snapd

uc20 seeding fails with "service.console-conf.disable: true"

Bug #1891644 reported by Michael Vogt
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Fix Released
Critical
Michael Vogt
snapd 2.47

Bug Description

When the gadget.yaml contains:
"""
defaults:
  system:
    service.console-conf.disable: true
"""
UC20 fails to seed.

What happens:

The system is stuck in "Doing ... Run configure hook of "core" snap if present"
It looks like the issues is that the "systemctl restart --all serial-console@*" that is run in the services.go code hangs because of a circular dependency between "serial-console-conf@.service" and "sertial-getty@" - and because the configure code hangs forever no progress during the seeding.

Because the core configuration is a hijacked hook we never timeout on this. This is visible via "ps afx" where snapd has a "systemctl restart serial-console-conf@* --all" child that never goes away.

The code in snapd that handles this is:
https://github.com/snapcore/snapd/blob/master/overlord/configstate/configcore/services.go#L90

See original description
Tags: uc20
Michael Vogt (mvo)
Changed in snapd:
importance: Undecided → Critical
tags: added: uc20
description: updated
Changed in snapd:
status: New → Triaged
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

One may not disable console conf like that ever.

because that may result in giving interactive login prompt, which is a no-no.

Console-conf must own the serial console login prompt, and tell the user how to ssh in, how to take ownership of the device, or if taking ownership of the device via the console is not allowed.

Are you trying to get getty / login running on the serial console? Or are you trying to implement a flag that prevents users from "taking owership of the device via physical serial console"?

Changed in snapd:
status: Triaged → Incomplete
Revision history for this message
Michael Vogt (mvo) wrote :

We want to implement a flag that prevents users from "taking owership of the device" via console-conf and it should be possible to set after boot too (e.g. if a agent with snapd-control enables/disables it).

Changed in snapd:
status: Incomplete → New
Revision history for this message
Michael Vogt (mvo) wrote :

To summarize a quick chat I had with Dimitri:

1. When console-conf is disabled nothing in console-conf should be available, i.e. no network config, no user config etc. The option means that the device is managed by other means (like an agent snap that has snapd-control)

2. console-conf will just query the /v2/snaps/system/conf API and check for service.console-conf.disable there

3. console-conf will figure out configuration changes from snapd by itself, snapd will not send any signal or do anything else (unless that is desired, but from the chat it seems it is not)

Please let me know if I misunderstood/misrepresented anything in this plan.

Revision history for this message
Michael Vogt (mvo) wrote :

I pushed https://github.com/snapcore/snapd/pull/9262 that implements the things discussed in #3

Revision history for this message
Paweł Stołowski (stolowski) wrote :

https://github.com/snapcore/snapd/pull/9272 should fix this.

Paweł Stołowski (stolowski)
Changed in snapd:
status: New → In Progress
assignee: nobody → Michael Vogt (mvo)
Michael Vogt (mvo)
Changed in snapd:
status: In Progress → Fix Committed
Zygmunt Krynicki (zyga)
Changed in snapd:
milestone: none → 2.47
Ian Johnson (anonymouse67)
Changed in snapd:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.