[Bug 238785] sysutils/py-google-compute-engine: Some GCE packages fill the logs with an error message

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jul 8 16:39:39 UTC 2019 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238785

--- Comment #8 from Mage <mage at mage.gold> ---
I did my best. The rest is up to you. Here is what I found:


I created two servers, test1 and test2. test1 is a clone or a running server.
test2 was a saved image of that server in January 2019.

I booted up both servers. test1 put the error message into the log every
minute. test2 did not put there anything.

I upgraded both servers using pkg upgrade. I compared the package list with
diff. They were identical except for the PostgreSQL version (10 vs. 11). It was
the only difference.

test1 kept adding the error to the logs. test2 did not do it.

(All my running servers behave the same as test1).

I ran diff -ur on /usr/local/etc and /etc to compare the both servers. I found
almost nothing belpful. They were almost the same, except fot the apache config
in /usr/local/etc.

There was in interesting difference though. On test2, my user was in the
google-sudoers group. On test1, it was not.

google-sudoers:*:1003:
vs. 
google-sudoers:*:1003:mage

I don’t like sudo. On my non-google FreeBSD servers, I’ve never had it
installed. On GCE, I use it solely for 'sudo su -'

It is sure I did not remove myself from that file. I didn’t even know I was in
that group. I don’t even know what that group does because I can 'sudo su -' on
any server on which I’m not a member of that group.

As the log was not helpful, I went throgh the three files, and I added a line
to /usr/local/lib/python2.7/subprocess.py

Line 185:
print popenargs

Then, I killed the daemons (the service google-xxx-daemon stop doesn’t work by
the way), and I ran it from console.

root at test1 ~ # /usr/local/bin/google_accounts_daemon-2.7
(['gpasswd', '-a', 'mage', 'google-sudoers'],)
(['gpasswd', '-a', 'mage', 'google-sudoers'],)
[...]

It tries to add me to that group in every minute using gpasswd. There is no
gpasswd on the server, and I think it never was.

For this reason, test2 also couldn’t have gpasswd. I was surprised because it
did the following:

root at test2 ~ # /usr/local/bin/google_accounts_daemon-2.7
(['pw', 'groupmod', 'google-sudoers', '-m', 'mage'],)

For some reason, test2 didn’t try to execute gpasswd (Linux) but the pw
command, as it should on FreeBSD.

Another difference is that test2 executed the command only once, right after I
started the daemon. It never tried it again. test1 tried to do it in every
minute but with a different command.

I added myself to that group on test1.

pw usermod mage -G google-sudoers

It did not help. The daemon was trying to add me, with the wrong command.

Now more or less the only difference between the two servers is the FreeBSD
version.

FreeBSD test1 11.2-RELEASE-p9 FreeBSD 11.2-RELEASE-p9 #0: Tue Feb  5 15:30:36
UTC 2019     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC 
amd64

FreeBSD test2 11.2-RELEASE-p8 FreeBSD 11.2-RELEASE-p8 #0: Tue Jan  8 21:35:12
UTC 2019     root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC 
amd64

I’m not sure this causes them to run different commands for adding me to the
group. I will run freebsd-update on both, and see what happens.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-python mailing list