Dependency-based boot

Discussion in 'Debian Appliance Builder' started by iti-asi, Sep 6, 2010.

  1. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    Hi,

    As you know, I'm quickly trying to move all our new servers to Debian squeeze. One of the last pending issues is to adapt the OpenVZ and PVE init scripts to the new policy, which basically means adding LSB init headers and not using just a symlink but do a real script install so it's not ignored.

    The OpenVZ vzreboot script should be fixed in vzctl. See http://bugzilla.openvz.org/show_bug.cgi?id=1423.

    I've done a pair of tests to fix the PVE side of the problem; that is, fixing ssh_gen_host_keys, and am encountering a weird problem when trying to install the script.
    Code:
    --- DAB.pm.orig    2010-09-06 12:09:50.000000000 +0200
    +++ DAB.pm    2010-09-06 13:42:23.000000000 +0200
    @@ -1158,9 +1158,9 @@
         my $rootdir = $self->vz_root_dir();
     
         my $base = basename ($script);
    -    my $target = sprintf ("$rootdir/etc/rc${runlevel}.d/S%02d${base}", $prio);
    +    my $target = "$rootdir/etc/init.d";
         $self->run_command ("install -m 0755 '$script' '$target'");
    -    return $target;
    +    $self->run_command ("update-rc.d $base start $prio $runlevel");
     }
     
     sub bootstrap {
    @@ -1381,6 +1381,7 @@
         # reset password
         $self->ve_command ("usermod -L root");
     
    +    # regenerate sshd host keys
         $self->install_init_script ($script_ssh_init, 2, 14);
     
         if ($mta eq 'postfix') {
    
    --- ssh_gen_host_keys.orig    2010-09-06 12:11:10.000000000 +0200
    +++ ssh_gen_host_keys    2010-09-06 12:53:23.000000000 +0200
    @@ -1,4 +1,14 @@
     #!/bin/sh
    +### BEGIN INIT INFO
    +# Provides:          ssh_gen_host_keys
    +# Required-Start:    $local_fs
    +# Required-Stop:
    +# X-Start-Before:    sshd
    +# Default-Start:     2
    +# Default-Stop:
    +# Short-Description: Regenerate SSH keys
    +# Description:       Regenerate container SSH keys for uniqueness.
    +### END INIT INFO
     
     set -e
     
    @@ -16,4 +26,5 @@
     rm -f /etc/ssh/ssh_host_dsa_key
     ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
     
    -rm -f $0
    +rm -f /etc/init.d/ssh_gen_host_keys
    +update-rc.d -f ssh_gen_host_keys remove
    
    However, I'm stuck because dab bootstrap is failing on me, and I'm not sure why:
    Code:
    unpack: libgssapi-krb5-2
    unpack: libkrb5-3
    unpack: ssl-cert
    unpack: libncursesw5
    unpack: cpio
    configure important packages
    command 'update-rc.d ssh_gen_host_keys start 14 2' failed with exit code 1
    command 'update-rc.d ssh_gen_host_keys start 14 2' failed with exit code 1
    make: *** [all] Error 1
    
    Can anyone lend me a pair of eyes to see what probably silly mistake is going here?
    The alternative is to simply install the script and then add a symlink by hand, which would work for our really silly usecase, but I want to try this first.
     
  2. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    Why does it run ssh_gen_host_keys during DAB build? The rc policy forbids that? Will test tomorrow.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    It does not run (or shouldn't) the script during build, but update-rc.d to install the appropriate symlink in /etc/rc2.d. That command works flawlessly if I vzctl enter 90000 and do it by hand. For some reason it fails at that point of the setup. Maybe one of the tools update-rc.d uses is diverted or disabled at that stage?
     
  4. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    Why do you want to change something that works into something that does not work? What is the advantage of using "update-rc.d"?
    Or is it no longer feasible to simply install a symlink in /etc/rc2.d?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 dietmar, Sep 7, 2010
    Last edited: Sep 7, 2010
  5. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    Ok, finally got it - please ignore my last post.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    First, dab produce a detailed log file called 'logfile'. Just take a look at that file when something fails:

    Code:
       update-rc.d: /etc/init.d/ssh_gen_host_keys: file does not exist
      command 'update-rc.d ssh_gen_host_keys start 14 2' failed with exit code 1
      
    You execute 'update-rd.d' on the host. Instead you should run it inside the guest!

    Code:
    Index: DAB.pm
    ===================================================================
    --- DAB.pm      (revision 5029)
    +++ DAB.pm      (working copy)
    @@ -1158,8 +1158,10 @@
         my $rootdir = $self->vz_root_dir();
     
         my $base = basename ($script);
    -    my $target = sprintf ("$rootdir/etc/rc${runlevel}.d/S%02d${base}", $prio);
    +    my $target = "$rootdir/etc/init.d/$base";
         $self->run_command ("install -m 0755 '$script' '$target'");
    +    $self->ve_command ("update-rc.d $base start $prio $runlevel");
    +
         return $target;
     }
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    we also need to modify scripts/mysql_randompw
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    Wow, that was really silly! Thanks for the pointer, I was pretty sure it was something simple. ;)
    I hope you can integrate this in a new dab version soon!
     
  9. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    just waiting for the 'scripts/mysql_randomp' patch - would you mind to provide/test it?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    I'm not sure if I fully understand what's going on with MySQL. Here's a patch for the script, but not for DAB.pm.

    Code:
    --- mysql_randompw.orig    2010-09-08 13:24:56.000000000 +0200
    +++ mysql_randompw    2010-09-08 13:41:44.000000000 +0200
    @@ -1,4 +1,14 @@
     #!/bin/sh
    +### BEGIN INIT INFO
    +# Provides:          mysql_randompw
    +# Required-Start:    $local_fs
    +# Required-Stop:
    +# X-Start-Before:    mysql
    +# Default-Start:     2
    +# Default-Stop:
    +# Short-Description: Generate random MySQL root password
    +# Description:       Generate and set a random MySQL root password
    +### END INIT INFO
     
     set -e
     
    @@ -23,4 +33,5 @@
     
     chmod 0600 /root/.my.cnf
     
    -rm -f $0
    +rm -f /etc/init.d/mysql_randompw
    +update-rc.d -f mysql_randompw remove
    
    If this needs to be run *after* mysql is started, the trivial change is to use X-Start-After.

    DAB.pm needs a change I'm not sure about:
    Code:
        my $rpwscript = glob ("$rootdir/etc/rc2.d/S*mysql_randompw");
    
    If you can take care of those two details, I think that's enough.
     
  11. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    Ok, will test tomorow.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 dietmar, Sep 9, 2010
    Last edited: Sep 9, 2010
  13. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
  14. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    Dietmar, browsing the Debian changelog for squeeze's vzctl, I see Ola seems to have fixed this in the official Debian package:
    Code:
       * Backported solution from upstream to solve the problem with vz
         container reboot and insserv. Closes: [URL="http://bugs.debian.org/576227"]#576227[/URL]. This solution is provided
         by a series of patches. A new vzeventd function is introduced and removes
         the need for cron jobs.
    Does it make sense to include these changes in the PVE package in order to fix the remaining insserv issue? Thanks in advance.
     
  15. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,464
    Likes Received:
    311
    AFAIK that fix requires vzevent support, which we do not have in 2.6.18 and 2.6.24.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. iti-asi

    iti-asi Member

    Joined:
    Jul 14, 2009
    Messages:
    52
    Likes Received:
    0
    Oops. You are right. For now, either we stick with a non-working vzreboot, or do a bit of hackery in vzctl: instead of writing that broken init script, a "correct" header can be written and a symlink installed for compatibility with non-insserv installs. This way, it'd work for both worlds.

    My C skills are *really* horrible, but we can try to give it a whirl here when I get really fed up of the insserv warning.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice