Installing tomcat breaks iso live session

[kalxas]

While reviewing the tomcat installer for OSGeoLive 14, I have noticed that by enabling the tomcat installer, the live iso boot process breaks so I had to disable tomcat until a solution can be found.

​https://github.com/OSGeo/OSGeoLive/commit/25fbe20f5d07978e77eba4887de1386dab29122a

​https://github.com/OSGeo/OSGeoLive/commit/5665abb2818f8801936486454092ec0f0840a956

In order to figure out what the problem is, I managed to get a snapshot during the iso booting process (tomcat-boot-failure.png). The error is:

adduser: The UID 999 is already in use
usermod: user 'user' does not exist
install: invalid user 'user'

The system (casper) fails to create the 'user' account as the live system user, leaving the system hanging.

Digging a bit deeper, I see the following: On build 37 (without tomcat) right after the startup this is how the /etc/passwd file looks like (live_system_users.png):

...
postgres:x:122:131:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
user:x:999:999:Live session user,,,:/home/user:/bin/bash
systemd-coredump:x:998:998:systemd Core Dumper:/:/usr/sbin/nologin

By manually creating the build chroot environment, right after tomcat installation, this is how the /etc/passwd file looks like (tomcat_user_chroot.png):

...
user:x:1000:1000:user,,,:/home/user:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
tomcat:x:998:998:Apache Tomcat:/:/usr/sbin/nologin

My understanding of the problem is that tomcat user occupies UID 998 and this makes systemd-coredump user to pick up UID 999, leaving no UID available for the live session user (has to be < 1000). Casper then fails to create the user 'user' leaving the iso hanging on boot.

I see some possible solutions:

1. delete tomcat user in setdown script (as we currently do with user ​https://github.com/OSGeo/OSGeoLive/blob/master/bin/inchroot.sh#L252 ) and find a way to create the tomcat user during boot time.
2. patch tomcat debian package to create the tomcat user with another UID.

Any proposals for other solutions?

[kalxas]

I am currently comparing the following debian packages (Bionic Tomcat 8 vs Focal Tomcat 9):

​http://archive.ubuntu.com/ubuntu/pool/universe/t/tomcat8/tomcat8_8.5.39-1ubuntu1~18.04.3.debian.tar.xz

​http://archive.ubuntu.com/ubuntu/pool/universe/t/tomcat9/tomcat9_9.0.31-1.debian.tar.xz

Tomcat 8 is no longer available in Focal.

[kalxas]

And this is the tomcat installer log that confirms the UID situation:

===============================================================
Starting "service_tomcat.sh" ...
===============================================================
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libeclipse-jdt-core-java libtomcat9-java tomcat9-common
Suggested packages:
  tomcat9-docs tomcat9-examples tomcat9-user
Recommended packages:
  libtcnative-1
The following NEW packages will be installed:
  libeclipse-jdt-core-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 12.2 MB of archives.
After this operation, 14.3 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/universe amd64 libeclipse-jdt-core-java all 3.18.0+eclipse4.12-1 [6271 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal/universe amd64 libtomcat9-java all 9.0.31-1 [5837 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9-common all 9.0.31-1 [59.8 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9 all 9.0.31-1 [36.4 kB]  
Get:5 http://archive.ubuntu.com/ubuntu focal/universe amd64 tomcat9-admin all 9.0.31-1 [24.6 kB]
Fetched 12.2 MB in 1s (10.1 MB/s)
Selecting previously unselected package libeclipse-jdt-core-java.
(Reading database ... 251613 files and directories currently installed.)
Preparing to unpack .../libeclipse-jdt-core-java_3.18.0+eclipse4.12-1_all.deb ...
Unpacking libeclipse-jdt-core-java (3.18.0+eclipse4.12-1) ...
Selecting previously unselected package libtomcat9-java.
Preparing to unpack .../libtomcat9-java_9.0.31-1_all.deb ...
Unpacking libtomcat9-java (9.0.31-1) ...
Selecting previously unselected package tomcat9-common.
Preparing to unpack .../tomcat9-common_9.0.31-1_all.deb ...
Unpacking tomcat9-common (9.0.31-1) ...
Selecting previously unselected package tomcat9.
Preparing to unpack .../tomcat9_9.0.31-1_all.deb ...
Unpacking tomcat9 (9.0.31-1) ...
Setting up libeclipse-jdt-core-java (3.18.0+eclipse4.12-1) ...
Setting up libtomcat9-java (9.0.31-1) ...
Setting up tomcat9-common (9.0.31-1) ...
Setting up tomcat9-admin (9.0.31-1) ...
Setting up tomcat9 (9.0.31-1) ...
Creating group systemd-coredump with gid 999.
Creating user systemd-coredump (systemd Core Dumper) with uid 999 and gid 999.
Creating group tomcat with gid 998.
Creating user tomcat (Apache Tomcat) with uid 998 and gid 998.
  
Creating config file /etc/tomcat9/tomcat-users.xml with new version
  
Creating config file /etc/tomcat9/web.xml with new version
  
Creating config file /etc/tomcat9/server.xml with new version
  
Creating config file /etc/tomcat9/logging.properties with new version
  
Creating config file /etc/tomcat9/context.xml with new version
  
Creating config file /etc/tomcat9/catalina.properties with new version
  
Creating config file /etc/tomcat9/jaspic-providers.xml with new version
  
Creating config file /etc/logrotate.d/tomcat9 with new version
  
Creating config file /etc/default/tomcat9 with new version
Created symlink /etc/systemd/system/multi-user.target.wants/tomcat9.service -> /lib/systemd/system/tomcat9.service.
Processing triggers for rsyslog (8.2001.0-1ubuntu1.1) ...
Running in chroot, ignoring request.
Adding user `user' to group `tomcat' ...
Adding user user to group tomcat
Done.
tomcat9: unrecognized service
===============================================================
Finished "service_tomcat.sh"
Disk Usage1: service_tomcat.sh,Filesystem,1K-blocks,Used,Available,Use%,Mounted_on,date
Disk Usage2: service_tomcat.sh,-,40202,19372,18766,51%,/,2020-08-25 16:57:59+00:00
Temp Usage: service_tomcat.sh,1 /tmp
===============================================================

[kalxas]

Tomcat 8 user creation from debian/tomcat8.postinst:

	if ! getent group "$TOMCAT8_GROUP" > /dev/null 2>&1 ; then
	    addgroup --system "$TOMCAT8_GROUP" --quiet
	fi
	if ! id $TOMCAT8_USER > /dev/null 2>&1 ; then
	    adduser --system --home /var/lib/tomcat8 --no-create-home \
		--ingroup "$TOMCAT8_GROUP" --disabled-password --shell /bin/false \
		--gecos "Apache Tomcat" \
		"$TOMCAT8_USER"
	fi
	chown -Rh $TOMCAT8_USER:adm /var/log/tomcat8 /var/cache/tomcat8
	chmod 750 /var/log/tomcat8 /var/cache/tomcat8

Tomcat 9 user creation from debian/tomcat9.postinst:

	# Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
	systemd-sysusers

and /usr/lib/sysusers.d/tomcat9.conf:

#
# sysusers.d snippet for creating the tomcat user automatically
# at install time. See sysusers.d(5) for details.
#

#Type Name     ID             GECOS                 Home directory Shell
u     tomcat   -              "Apache Tomcat"       -              /usr/sbin/nologin

[kalxas]

Fix:

​https://github.com/OSGeo/OSGeoLive/commit/8b812c77eda91dfb85a9d36f848b9d92bed9795e

[kalxas]

This one is back for 15.0 when we enable tomcat installer.

[kalxas]

Comparing /usr/lib/sysusers.d, /etc/group and records in /usr/share/base-passwd/group.master to cross check the problem.

[kalxas]

From build34 logs:

Setting up libtomcat9-java (9.0.58-1) ...
Setting up tomcat9-common (9.0.58-1) ...
Setting up tomcat9-admin (9.0.58-1) ...
Setting up tomcat9 (9.0.58-1) ...
Creating group tomcat with gid 999.
Creating user tomcat (Apache Tomcat) with uid 999 and gid 999.

[kalxas]

Fixed in build61:

​https://github.com/OSGeo/OSGeoLive/commit/fc8d80ee62fcecbbf85fb76024121f655416d81a

[kalxas]

Confirmed fixed in build70 with deegree installed.