Re: /tmp read-only with stretch and FAI 5.1.2

[Thomas Lange]

> On Tue, 9 Aug 2016 10:10:35 -0600, Jeffrey Stolte  said:

> root@faiclient:~# touch /tmp/test
> touch: cannot touch '/tmp/test': Operation not supported

Strange. This does not look like a permissions denied message.
I do not have this problem. Check if the permissions of your
/tmp inside the nfsroot are set like this:

ls -al /srv/fai/nfsroot/tmp/
drwxrwxrwt+  2 root root 4096 Jul  1 17:44 .

-- 
regards Thomas

Re: /tmp read-only with stretch and FAI 5.1.2

[Jeffrey Stolte]

On Tue, Aug 09, 2016 at 08:43:19PM +0200, Thomas Lange wrote:
> 
> Strange. This does not look like a permissions denied message.
> I do not have this problem. Check if the permissions of your
> /tmp inside the nfsroot are set like this:
> 
> ls -al /srv/fai/nfsroot/tmp/
> drwxrwxrwt+  2 root root 4096 Jul  1 17:44 .

Thomas,

The permissions are similar, but it looks like you have additional ACLs
enabled (the '+' symbol in the ls output above).  Do you know if that
is necessary?  Here's the ls output from my server:

faiserver:~# ls -al /srv/fai/nfsroot/tmp/
total 8
drwxrwxrwt  2 root root 4096 Aug  8 16:22 ./
drwxr-xr-x 21 root root 4096 Aug  8 16:21 ../

Thanks.

Jeff

Re: /tmp read-only with stretch and FAI 5.1.2

[Thomas Lange]

I do not know if the ACLs are needed. I've uploaded a tar ball of a
generic nfsroot (stretch, FAI 5.1.2, kernel 4.6) to
http://fai-project.org/download/misc/nfsroot-generic_5.1.2_4.6.tar.xz
It was created by fai-make-nfsroot -fvg

You can extract it on your FAI server and adjust it by calling
fai-make-nfsroot -av
See the man page for details. Then copy the kernel and initrd from
the nfsroot to your tftp location. This nfsroot work perfectly in my
network. Please report if this also works for you.

best regards thomas

Re: /tmp read-only with stretch and FAI 5.1.2

[Jeffrey Stolte]

Thomas,

Thank you for creating the nfsroot tarball.  Unfortunately, using this
nfsroot produces the same problem for me (/tmp not writeable).  If
this nfsroot works OK for you, then my problem must be somewhere else.
Maybe a boot parameter or NFS export option?  I'll keep looking and let
you know if I find anything.  Thanks.

Jeff

Re: /tmp read-only with stretch and FAI 5.1.2

[Stephen Dowdy]

Jeff, (btw, i work with Jeff)
I think it's useful to add some of the other stuff we discovered here.

The overlay fs seems to be setup in 'dracut', and not having ever used
this, i was confused by the parameters for upperdir+workdir
(/cow/{rw,work}) not existing in the running fai environment.
apparently /cow/rw gets bind mounted in dracut to /live/cow, which
does exist in fai environment and reflects changes we make (e.g.
creating character device "blackout/mask" files if we move or delete
stuff in / (which is bind mounted to /live/image)

We have discovered that we can:

mv /tmp /tmp-
mkdir /tmp

and after that, BOTH the new /tmp and the old /tmp, now /tmp- are writeable!

This seems to be a bug with the overlayfs (like overlayfs hasn't fully
initialized its namespace or something, and is defaulting to protected
subelements of / by default).   I see people reporting ENOTSUPP when
SELINUX is in play, but it is definitely not in play in the FAI
environment ( no /sys/fs/selinux, nor /selinux )

the "Operation Not Supported" is true for all subdirectories in /,
just not / itself (where you can create, delete, move, etc).  So, this
certainly poses problems in /var as well.

Very strange -- any ideas on known bugs or standard diagnostic
operations for 'overlayfs' appreciated.

thanks,
--stephen



On Wed, Aug 10, 2016 at 9:02 AM, Jeffrey Stolte  wrote:
> Thomas,
>
> Thank you for creating the nfsroot tarball.  Unfortunately, using this
> nfsroot produces the same problem for me (/tmp not writeable).  If
> this nfsroot works OK for you, then my problem must be somewhere else.
> Maybe a boot parameter or NFS export option?  I'll keep looking and let
> you know if I find anything.  Thanks.
>
> Jeff



-- 
Stephen Dowdy  -  Systems Administrator  -  NCAR/RAL
303.497.2869   -  sdo...@ucar.edu-  http://www.ral.ucar.edu/~sdowdy/

Re: /tmp read-only with stretch and FAI 5.1.2

[Thomas Lange]

Hi Jeff, hi Stephen,

I found the problem. It's NFS v4 again. If I export my nfsroot via
NFS v4 I also have the 'operation not supported' error message when
doing a touch /tmp/test.

On your FAI install server you can add this line to the /etc/exports

/srv/nfs4   1.2.3.4/25(fsid=0,ro,no_subtree_check)

And create an empty /srv/nfs4 directory. Replace 1.2.3.4/25 with your
network settings. fsid=0 will force to export this empty directory
using NFS v4, and all other entries in /etc/exports with NFS v3.

So, there seems to be a bug in overlayfs when using NFS v4.
-- 
regards Thomas

Re: /tmp read-only with stretch and FAI 5.1.2

[Jeffrey Stolte]

Thomas,

We just discovered the same thing here.  I actually changed the PXE boot
file for the client to use NFSv3 (by adding ':vers=3' to the end of the
'root=' line), but the effect was the same.  I think using NFSv3 for the
installs will be an OK workaround for now.  Thanks for you help with this
problem.

Jeff