Architecture #4140
closedRPM packages don't fail on pre/post-uninst/inst scripts
Description
I just installed a fresh version of Rudder 2.8.0 on CentOS 6. The installation reported completing succesfully, but I could not access the webapp, and after some investigating, I found that httpd was not running.
Here is an extract from the install logs:
Installing : 1398866025:rudder-webapp-2.8.0.release-1.EL.6.noarch 66/72 INFO: Setting Apache HTTPd as a boot service... Done INFO: Restrating syslog... Done INFO: Stopping Apache HTTPd... Done INFO: No usable SSL certificate detected for Rudder HTTP/S support, generating one automatically... Done INFO: Starting Apache HTTPd...INFO: Launching script to check if a migration is needed
(on a side note: the "echo " Done" line is missing after the apache start)
Running "/sbin/service httpd start" manually, I see this:
[vagrant@server ~]$ sudo /sbin/service httpd start Starting httpd: Syntax error on line 30 of /etc/httpd/conf.d/rudder-vhost-ssl.conf: SSLCertificateFile: file '/opt/rudder/etc/ssl/rudder-webapp.crt' does not exist or is empty [FAILED]
This is true:
[vagrant@server ~]$ ls /opt/rudder/etc/ssl/ rudder-webapp.key
When I remove everything under /opt/rudder/etc/ssl, and try to run the key and crt generation command manually, I get this:
[vagrant@server ~]$ sudo openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder-webapp.key -out /opt/rudder/etc/ssl/rudder-webapp.crt -days 1460 -nodes -sha256 Generating a 2048 bit RSA private key ......................................................................+++ .........+++ writing new private key to '/opt/rudder/etc/ssl/rudder-webapp.key' ----- problems making Certificate Request 140679770867528:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64 [vagrant@server ~]$ echo $? 1
I figured out that this comes from my hostname being too long, which is used as the certificate's CN:
[vagrant@server ~]$ hostname --fqdn server.rudder.local.rudder.local.rudder.local.rudder.local.rudder.local.rudder.local
(on a side note, this is a bug in the rudder-vagrant provisioning scripts, that appends "rudder.local" onto the hostname even if it's already there)
Nothing warned me about this during the install process, even though the openssl command returned a non-zero code.
From https://fedoraproject.org/wiki/Packaging:ScriptletSnippets, I see:
rpm in its default configuration does not at the moment execute shell scriptlets with the -e argument to the shell
So, all of our post/pre inst/uninst scripts have been written in the assumption that, like Debian packaging, if anything goes wrong (ie returns non-zero), the package manager will complain and alert the user. This is not the case, and our RPM packages end up being installed, errors happen, but the user gets told "Success". This is bad.
I'm not sure how to proceed, I see several options:
- We add "set -e" to all our post/pre in/unin scripts in the .spec files. This will cause the package installation to fail and the user will be alerted. It seems like a quick and easy solution to implement, although if we decide to go with it, I think we should only make this change in 2.8.x, not in older versions, because this may break something (we may have some commands failing, but that don't matter). However, I wonder if this approach doesn't go against "the RPM way". I know that in the Debian world, it is common to tell apt-get/aptitude to "try again with configuring that package", but I've never heard of this in the RPM world...
- We add detection to anything important, as in "do_stuff || "Failed to do_stuff, OMG, you should totally check the docs now and fix this yourself!". I don't like this solution as much, because it would be complicated and error-prone to implement, and doesn't really fix the problem. But it may be more the "RPM way".
- Can't think of any other approaches for now.
Thoughts?
Updated by Jonathan CLARKE about 11 years ago
Jonathan CLARKE wrote:
(on a side note: the "echo " Done" line is missing after the apache start)
Fix proposed in #4141.
(on a side note, this is a bug in the rudder-vagrant provisioning scripts, that appends "rudder.local" onto the hostname even if it's already there)
And this needs fixing in #4142.
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.8.1 to 2.8.2
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.8.2 to 2.8.3
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.8.3 to 2.8.4
Updated by Matthieu CERDA over 10 years ago
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
Well, I'd go for the second option, it seems like the best compromise :)
Should we do this then ?
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.8.4 to 133
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 133 to 2.9.5
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.9.5 to 2.9.6
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.9.6 to 2.9.7
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.9.7 to 150
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 150 to 2.10.4
Updated by Nicolas PERRON over 10 years ago
- Target version changed from 2.10.4 to 2.10.5
Updated by Vincent MEMBRÉ about 10 years ago
- Target version changed from 2.10.5 to 2.10.6
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 2.10.6 to 2.10.7
Updated by Vincent MEMBRÉ about 10 years ago
- Target version changed from 2.10.7 to 2.10.8
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.8 to 2.10.9
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.9 to 2.10.10
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.10 to 2.10.11
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.11 to 2.10.12
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 34 to Rudder
- Category set to Packaging
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.12 to 2.10.13
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.13 to 2.10.14
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.14 to 2.10.15
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.15 to 2.10.16
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.16 to 2.10.17
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.17 to 2.10.18
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.18 to 2.10.19
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.19 to 2.10.20
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 2.10.20 to 2.11.18
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 2.11.18 to 2.11.19
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.19 to 2.11.20
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.20 to 2.11.21
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.21 to 2.11.22
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.22 to 2.11.23
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.23 to 2.11.24
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 2.11.24 to 308
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 308 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by François ARMAND over 7 years ago
- Tracker changed from Bug to Architecture
The installation of recent version is much more resilient, and the http service is checked to be running. But the underlying problem is still there, and it needs to be adressed as an architecture problem: I'm linking it to #10542
Updated by François ARMAND over 7 years ago
- Related to Architecture #10542: Merge rudder-reports into rudder-webapp added
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.19 to 3.1.20
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.20 to 3.1.21
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.21 to 3.1.22
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.22 to 3.1.23
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.23 to 3.1.24
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.24 to 3.1.25
Updated by Benoît PECCATTE about 7 years ago
- Target version changed from 3.1.25 to 4.1.9
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 4.1.9 to 4.1.10
Updated by Benoît PECCATTE almost 7 years ago
- Target version changed from 4.1.10 to Ideas (not version specific)
Updated by Benoît PECCATTE almost 7 years ago
- Status changed from Discussion to Rejected
Rudder now have a common postinst between rpm and dpkg, and this script uses set -e.
This is not a problem anymore.