• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

FOG install overwrites /etc/exports with no warning

Scheduled Pinned Locked Moved
General
5
14
1.3k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mechalas
    last edited by mechalas May 28, 2019, 8:39 AM May 28, 2019, 2:37 PM

    Folks, the FOG installer blindly overwrites /etc/exports with no warning, no chance to interrupt it, and without backing up the old one. This is bad, bad behavior. I can’t emphasize enough how bad this is.

    I see now, after I got bit by this, that there are many complaints about this behavior. Well, there should be, because this is terrible. Just adding menu options to installfog.sh is not enough warning. You need to alert people when you are about to overwrite a file that has been customized and give them a chance to stop it, just like every Linux distribution’s package manager on the planet does. A simple checksum can tell you that you are about to do that.

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by May 28, 2019, 3:35 PM

      @mechalas Hope you had a backup of your machine/that file.

      You probably read about the blexports option in /opt/fog/.fogsettings as well.

      This is bad, bad behavior. I can’t emphasize enough how bad this is.

      Not sure I feel encouraged by the sound of this to change this behaviour in the installer. 😉 The FOG dev team is very sparse at the moment and has been for months. I am ripping my arms of to fix things here and there and just can’t spend more hours of my free time on this to find and fix all things before anyone else does!

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 1
      • M
        mechalas
        last edited by mechalas May 28, 2019, 9:05 PM May 29, 2019, 2:56 AM

        We run nightly backups that keep several weeks of history and restoration took only a few minutes. Only three clients got wedged to the point where they had to be rebooted.

        But we were lucky because we only have three dozen or so clients in our lab. In my previous role, I was part of a team that supported roughly 20,000 clients. Imagine the havoc that gets wreaked when an exports file with a few hundred filesystems in it goes away. Batch jobs start hanging, user login sessions hang, and so on. In most cases, it’s just a stale NFS filehandle message, but not all applications are tolerant of an outage of minutes to hours (depending on how long it takes for the issue to get noticed).

        I appreciate that it’s a small development team, but this stuff has real impact. Overwriting a file that is not owned by the software and is a critical, shared resource rubs me the wrong way, especially when it takes down infrastructure. And yes, I saw the help, but the use of inconsistent language makes it easy to make faulty assumptions about what the installer is actually doing:

        	-E    --no-exportbuild		Skip building nfs file
        	-P    --no-pxedefault		Do not overwrite pxe default file
        

        One option speaks of building, another says overwrite. The latter sounds dangerous, the former does not. But, more to the point, sometimes I make mistakes because my life is not 100% error-free, even when I am paying close attention. Software can help stop me from doing something I shouldn’t.

        Here is a simple solution for the installer that would mitigate this problem: grep the file for the lines you want to add, and if you don’t see them, use echo with an append:

        if grep '^my line regex' /etc/exports > /dev/null 2>&1
        then
           :
        else
          echo "my line" >> /etc/exports
        fi
        

        Worst-case scenario is that someone modified the line you were going to add, and you end up adding a duplicate.

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by May 29, 2019, 6:58 AM

          @mechalas I am absolutely with you here that simply overwriting the file can cause trouble if people rely on the FOG server as general NFS storage (not recommended by the way!) and therefore customize /etc/exports.

          We have a similar situation for different configuration files as well (DHCPd, VSFTPd). For those we do a single shot backups (copy before overwrite). So running the installer a second time (for whatever reason) will erase your initial config as well. Not as bad as we have it for NFS but still. I remember that I had thought about how to properly solve this a couple of times in the last years but never got to a proper solution. Too bad we never did.

          Thanks for your suggestion but as you already mentioned this will ruin configs that were modified by people manually. Let’s take the time and try to come up with a proper solution for all situations now that you brought up this again! 🙂

          Checksums would work for /etc/exports but not for dhcpd.conf as that has variable information like IP addresses. Another option would be to use “block comments” like:

          ### FOG config start - don't touch ###
          ...
          ### FOG config end - don't touch ###
          

          But I have seen many situations where this fails terribly and I don’t thing we can make this absolutely fail save.

          Hmmm, any other suggestions?

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • Q
            Quazz Moderator
            last edited by May 29, 2019, 8:37 AM

            To be fair, it’s been a longstanding recommendation that the FOG server should be running nothing but the FOG server for a reason.

            1 Reply Last reply Reply Quote 3
            • W
              Wayne Workman
              last edited by Wayne Workman May 29, 2019, 4:28 PM May 29, 2019, 10:20 PM

              @mechalas Please see the NFS section of the .fogsettings documentation, and set it to not overwrite your exports file:

              https://wiki.fogproject.org/wiki/index.php?title=.fogsettings#NFS

              @Sebastian-Roth there appears to be an /etc/exports.d functionality I’d suggest looking into. Maybe fogs config can be put into its own separate file:
              https://serverfault.com/questions/910827/how-do-i-use-etc-export-d
              Because this would be an improvement and not a break-fix, I’d suggest backlogging this until more pressing things are sorted.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
              Daily Clean Installation Results:
              https://fogtesting.fogproject.us/
              FOG Reporting:
              https://fog-external-reporting-results.fogproject.us/

              1 Reply Last reply Reply Quote 1
              • M
                mechalas
                last edited by May 30, 2019, 2:18 PM

                @Quazz

                To be fair, it’s been a longstanding recommendation that the FOG server should be running nothing but the FOG server for a reason.

                If I followed that advice for every service I stood up that suggested this, I’d have a pile of VM’s, Docker containers, or a slew of physical systems (or a combination of all three) that need to be managed. Each of those solutions brings their own administrative overhead and issues. It’s trading one problem for another.

                In an ideal world, this is great. In the real world where resources are limited, I have to make decisions about what can go where, and what’s easiest to manage.

                @Wayne-Workman

                Please see the NFS section of the .fogsettings documentation, and set it to not overwrite your exports file:

                I read that document. It says “rebuild” and “rebuilt”. When I have my engine in my car rebuilt, I expect to get back my old engine with new parts in it. I do not expect to get back just the new parts.

                The language here matters.

                1 Reply Last reply Reply Quote 0
                • M
                  mechalas
                  last edited by May 30, 2019, 2:46 PM

                  I like the /etc/exports.d approach the best.

                  My age is showing: I didn’t even know this functionality had been added to exportfs or I’d have been using it.

                  1 Reply Last reply Reply Quote 0
                  • S
                    Sebastian Roth Moderator
                    last edited by Sebastian Roth Jun 6, 2019, 5:40 PM Jun 6, 2019, 11:40 PM

                    @mechalas @Wayne-Workman I have done some first tests on Debian and CentOS just to make sure this actually works as expected. Seems like it does so far.

                    Meanwhile I was wondering about your ideas on how to move over from what we have now to /etc/exports.d schema. There are a couple different situations, some are easy and some are hard to come by.

                    • Fresh install: Just generate /etc/exports.d/fog.exports and we are good to go.
                    • Upgrade install with a clean /etc/exports file: either we use checksum or regex to make sure it is not modified and move the file to /etc/exports.d/fog.exports (and maybe create an empty /etc/exports)
                    • Upgrade install with a modified /etc/exports file: Not really sure what to do in this case. We could try to grep the existing entries, pipe those into a new /etc/exports.d/fog.exports and sed the main file to remove/comment the entries there. But I guess there are so many different files out there that chance is high we break things for some people again - last time though.

                    Any comments on this?

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    george1421G W 2 Replies Last reply Jun 7, 2019, 12:25 AM Reply Quote 1
                    • george1421G
                      george1421 Moderator @Sebastian Roth
                      last edited by Jun 7, 2019, 12:25 AM

                      @Sebastian-Roth said in FOG install overwrites /etc/exports with no warning:

                      1. Fresh install: Just generate /etc/exports.d/fog.exports and we are good to go.
                      2. Upgrade install with a clean /etc/exports file: either we use checksum or regex to make sure it is not modified and move the file to /etc/exports.d/fog.exports (and maybe create an empty /etc/exports)
                      3. Upgrade install with a modified /etc/exports file: Not really sure what to do in this case. We could try to grep the existing entries, pipe those into a new /etc/exports.d/fog.exports and sed the main file to remove/comment the entries there. But I guess there are so many different files out there that chance is high we break things for some people again - last time though.
                      1. Test to see if /etc/exports.d directory exists, if not fall back to current way of managing exports.
                      2. (3. can be combined) test to see if /etc/exports.d exists. if so use sed or awk to remove the fog lines from /etc/exports and then move to the exports.d design.
                      3. Same process as 2.

                      Questions: what happens if we have 2 exports.d file that contains the same fsid? Will that break something? Do we move FOG’s nfs fsid to something unique like 1001? Does the fsid need to be unique or sequential?

                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                      W 1 Reply Last reply Jun 7, 2019, 4:53 PM Reply Quote 1
                      • S
                        Sebastian Roth Moderator
                        last edited by Jun 7, 2019, 5:18 AM

                        @george1421 said in FOG install overwrites /etc/exports with no warning:

                        1. Test to see if /etc/exports.d directory exists, if not fall back to current way of managing exports.

                        No good I suppose. Testing on Debian I noticed that /etc/exports.d did not exist on a clean fresh OS install with nfs-server package but it all worked perfectly well after I created it manually…

                        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                        1 Reply Last reply Reply Quote 0
                        • W
                          Wayne Workman @george1421
                          last edited by Jun 7, 2019, 4:53 PM

                          @george1421 said in FOG install overwrites /etc/exports with no warning:

                          Questions: what happens if we have 2 exports.d file that contains the same fsid? Will that break something?

                          In what scenarios do you see having two?

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                          Daily Clean Installation Results:
                          https://fogtesting.fogproject.us/
                          FOG Reporting:
                          https://fog-external-reporting-results.fogproject.us/

                          george1421G 1 Reply Last reply Jun 7, 2019, 5:50 PM Reply Quote 0
                          • W
                            Wayne Workman @Sebastian Roth
                            last edited by Wayne Workman Jun 7, 2019, 11:02 AM Jun 7, 2019, 5:01 PM

                            @Sebastian-Roth said in FOG install overwrites /etc/exports with no warning:

                            Upgrade install with a clean /etc/exports file: either we use checksum or regex to make sure it is not modified and move the file to /etc/exports.d/fog.exports (and maybe create an empty /etc/exports)

                            Just check if it exists.

                            if [[ ! -f "/etc/exports.d/fog.exports" ]]; then 
                                echo "do stuff"
                            fi
                            

                            I’d suggest asking the user to confirm the actions to be taken, with a default answer of “y”.
                            Maybe something like “it’s detected that fog configuration exists in /etc/exports. Would you like the installer to move this to the new location for you?”

                            Just kicking around ideas…

                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                            Daily Clean Installation Results:
                            https://fogtesting.fogproject.us/
                            FOG Reporting:
                            https://fog-external-reporting-results.fogproject.us/

                            1 Reply Last reply Reply Quote 0
                            • george1421G
                              george1421 Moderator @Wayne Workman
                              last edited by Jun 7, 2019, 5:50 PM

                              @Wayne-Workman said in FOG install overwrites /etc/exports with no warning:

                              In what scenarios do you see having two?

                              If you were to install fog side by side with another product that supports nfs. What is the likelihood of two installs creating an entry with fsid of 0 or 1? We see that issue today when someone wants to create a second nfs share on the fog server and clones what is currently there but updates the paths only.

                              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                              1 Reply Last reply Reply Quote 0
                              • 1 / 1
                              • First post
                                Last post

                              240

                              Online

                              12.0k

                              Users

                              17.3k

                              Topics

                              155.2k

                              Posts
                              Copyright © 2012-2024 FOG Project