Opened 4 years ago
Closed 3 years ago
#2250 closed defect (fixed)
Installing tomcat breaks iso live session
Reported by: | kalxas | Owned by: | kalxas |
---|---|---|---|
Priority: | critical | Milestone: | OSGeoLive15.0 |
Component: | OSGeoLive | Keywords: | tomcat9 |
Cc: | osgeolive@… |
Description
While reviewing the tomcat installer for OSGeoLive 14, I have noticed that by enabling the tomcat installer, the live iso boot process breaks so I had to disable tomcat until a solution can be found.
https://github.com/OSGeo/OSGeoLive/commit/25fbe20f5d07978e77eba4887de1386dab29122a
https://github.com/OSGeo/OSGeoLive/commit/5665abb2818f8801936486454092ec0f0840a956
In order to figure out what the problem is, I managed to get a snapshot during the iso booting process (tomcat-boot-failure.png). The error is:
adduser: The UID 999 is already in use usermod: user 'user' does not exist install: invalid user 'user'
The system (casper) fails to create the 'user' account as the live system user, leaving the system hanging.
Digging a bit deeper, I see the following: On build 37 (without tomcat) right after the startup this is how the /etc/passwd file looks like (live_system_users.png):
... postgres:x:122:131:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash user:x:999:999:Live session user,,,:/home/user:/bin/bash systemd-coredump:x:998:998:systemd Core Dumper:/:/usr/sbin/nologin
By manually creating the build chroot environment, right after tomcat installation, this is how the /etc/passwd file looks like (tomcat_user_chroot.png):
... user:x:1000:1000:user,,,:/home/user:/bin/bash systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin tomcat:x:998:998:Apache Tomcat:/:/usr/sbin/nologin
My understanding of the problem is that tomcat user occupies UID 998 and this makes systemd-coredump user to pick up UID 999, leaving no UID available for the live session user (has to be < 1000). Casper then fails to create the user 'user' leaving the iso hanging on boot.
I see some possible solutions:
- delete tomcat user in setdown script (as we currently do with user https://github.com/OSGeo/OSGeoLive/blob/master/bin/inchroot.sh#L252 ) and find a way to create the tomcat user during boot time.
- patch tomcat debian package to create the tomcat user with another UID.
Any proposals for other solutions?
Attachments (4)
Change History (14)
by , 4 years ago
Attachment: | tomcat-boot-failure.png added |
---|
by , 4 years ago
Attachment: | live_system_users.png added |
---|
by , 4 years ago
Attachment: | tomcat_user_chroot.png added |
---|
comment:1 by , 4 years ago
comment:2 by , 4 years ago
And this is the tomcat installer log that confirms the UID situation:
=============================================================== Starting "service_tomcat.sh" ... =============================================================== Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: libeclipse-jdt-core-java libtomcat9-java tomcat9-common Suggested packages: tomcat9-docs tomcat9-examples tomcat9-user Recommended packages: libtcnative-1 The following NEW packages will be installed: libeclipse-jdt-core-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 12.2 MB of archives. After this operation, 14.3 MB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 libeclipse-jdt-core-java all 3.18.0+eclipse4.12-1 [6271 kB] Get:2 http://archive.ubuntu.com/ubuntu focal/universe amd64 libtomcat9-java all 9.0.31-1 [5837 kB] Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9-common all 9.0.31-1 [59.8 kB] Get:4 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9 all 9.0.31-1 [36.4 kB] Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9-admin all 9.0.31-1 [24.6 kB] Fetched 12.2 MB in 1s (10.1 MB/s) Selecting previously unselected package libeclipse-jdt-core-java. (Reading database ... 251613 files and directories currently installed.) Preparing to unpack .../libeclipse-jdt-core-java_3.18.0+eclipse4.12-1_all.deb ... Unpacking libeclipse-jdt-core-java (3.18.0+eclipse4.12-1) ... Selecting previously unselected package libtomcat9-java. Preparing to unpack .../libtomcat9-java_9.0.31-1_all.deb ... Unpacking libtomcat9-java (9.0.31-1) ... Selecting previously unselected package tomcat9-common. Preparing to unpack .../tomcat9-common_9.0.31-1_all.deb ... Unpacking tomcat9-common (9.0.31-1) ... Selecting previously unselected package tomcat9. Preparing to unpack .../tomcat9_9.0.31-1_all.deb ... Unpacking tomcat9 (9.0.31-1) ... Setting up libeclipse-jdt-core-java (3.18.0+eclipse4.12-1) ... Setting up libtomcat9-java (9.0.31-1) ... Setting up tomcat9-common (9.0.31-1) ... Setting up tomcat9-admin (9.0.31-1) ... Setting up tomcat9 (9.0.31-1) ... Creating group systemd-coredump with gid 999. Creating user systemd-coredump (systemd Core Dumper) with uid 999 and gid 999. Creating group tomcat with gid 998. Creating user tomcat (Apache Tomcat) with uid 998 and gid 998. Creating config file /etc/tomcat9/tomcat-users.xml with new version Creating config file /etc/tomcat9/web.xml with new version Creating config file /etc/tomcat9/server.xml with new version Creating config file /etc/tomcat9/logging.properties with new version Creating config file /etc/tomcat9/context.xml with new version Creating config file /etc/tomcat9/catalina.properties with new version Creating config file /etc/tomcat9/jaspic-providers.xml with new version Creating config file /etc/logrotate.d/tomcat9 with new version Creating config file /etc/default/tomcat9 with new version Created symlink /etc/systemd/system/multi-user.target.wants/tomcat9.service -> /lib/systemd/system/tomcat9.service. Processing triggers for rsyslog (8.2001.0-1ubuntu1.1) ... Running in chroot, ignoring request. Adding user `user' to group `tomcat' ... Adding user user to group tomcat Done. tomcat9: unrecognized service =============================================================== Finished "service_tomcat.sh" Disk Usage1: service_tomcat.sh,Filesystem,1K-blocks,Used,Available,Use%,Mounted_on,date Disk Usage2: service_tomcat.sh,-,40202,19372,18766,51%,/,2020-08-25 16:57:59+00:00 Temp Usage: service_tomcat.sh,1 /tmp ===============================================================
comment:3 by , 4 years ago
Tomcat 8 user creation from debian/tomcat8.postinst:
if ! getent group "$TOMCAT8_GROUP" > /dev/null 2>&1 ; then addgroup --system "$TOMCAT8_GROUP" --quiet fi if ! id $TOMCAT8_USER > /dev/null 2>&1 ; then adduser --system --home /var/lib/tomcat8 --no-create-home \ --ingroup "$TOMCAT8_GROUP" --disabled-password --shell /bin/false \ --gecos "Apache Tomcat" \ "$TOMCAT8_USER" fi chown -Rh $TOMCAT8_USER:adm /var/log/tomcat8 /var/cache/tomcat8 chmod 750 /var/log/tomcat8 /var/cache/tomcat8
Tomcat 9 user creation from debian/tomcat9.postinst:
# Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf systemd-sysusers
and /usr/lib/sysusers.d/tomcat9.conf:
# # sysusers.d snippet for creating the tomcat user automatically # at install time. See sysusers.d(5) for details. # #Type Name ID GECOS Home directory Shell u tomcat - "Apache Tomcat" - /usr/sbin/nologin
comment:4 by , 4 years ago
comment:5 by , 4 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:6 by , 3 years ago
Milestone: | OSGeoLive14.0 → OSGeoLive15.0 |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
This one is back for 15.0 when we enable tomcat installer.
comment:7 by , 3 years ago
Comparing /usr/lib/sysusers.d
, /etc/group
and records in /usr/share/base-passwd/group.master
to cross check the problem.
by , 3 years ago
Attachment: | Screenshot_20220605_181022.png added |
---|
comment:8 by , 3 years ago
From build34 logs:
Setting up libtomcat9-java (9.0.58-1) ... Setting up tomcat9-common (9.0.58-1) ... Setting up tomcat9-admin (9.0.58-1) ... Setting up tomcat9 (9.0.58-1) ... Creating group tomcat with gid 999. Creating user tomcat (Apache Tomcat) with uid 999 and gid 999.
comment:9 by , 3 years ago
Priority: | blocker → critical |
---|
comment:10 by , 3 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Confirmed fixed in build70 with deegree installed.
I am currently comparing the following debian packages (Bionic Tomcat 8 vs Focal Tomcat 9):
http://archive.ubuntu.com/ubuntu/pool/universe/t/tomcat8/tomcat8_8.5.39-1ubuntu1~18.04.3.debian.tar.xz
http://archive.ubuntu.com/ubuntu/pool/universe/t/tomcat9/tomcat9_9.0.31-1.debian.tar.xz
Tomcat 8 is no longer available in Focal.