Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 325851

Summary: Patch kernel on build.eclipse.org to bypass NFS >16 group limit for signing directory
Product: Community Reporter: Paul Webster <pwebster>
Component: ServersAssignee: Eclipse Webmaster <webmaster>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: kim.moir
Version: unspecified   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Whiteboard:

Description Paul Webster CLA 2010-09-21 09:42:05 EDT 
The e4 build breaks on signing.

uid=55010(e4Build) gid=100(users) groups=16(dialout),33(video),100(users)
issues the scp command.

e4Build@build:/shared/eclipse/e4/build/e4/downloads/drops/4.0.0/I20100921-0847/packtmp> scp eclipse-master-20100921-0847.zip pwebster@build.eclipse.org:/home/data/httpd/download-staging.priv/eclipse/e4
scp: /home/data/httpd/download-staging.priv/eclipse/e4/eclipse-master-20100921-0847.zip: Permission denied

If I ssh to build.eclipse.org as pwebster (who includes group 8690(eclipse.e4)) I cannot write to that e4 directory:

pwebster@build:/home/data/httpd/download-staging.priv/eclipse/e4> ls -ld .
drwxrwsr-x+ 10 e4Build eclipse.e4 416 2010-09-17 12:56 .
pwebster@build:/home/data/httpd/download-staging.priv/eclipse/e4> touch tmp.txt
touch: cannot touch `tmp.txt': Permission denied

PW
Comment 1 Denis Roy CLA 2010-09-21 10:20:10 EDT 
I don't have any problems as e4Build:

e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> ls -l
total 30226
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-06 04:05 20100721-0950-out
drwxrwsr-x+ 3 genie    eclipse.e4      104 2010-07-22 09:26 20100722-0909-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-07 04:17 20100722-0955-out
drwxrwsr-x+ 3 pwebster eclipse.e4      160 2010-09-17 12:57 20100917-1230-out
-rw-rw-rw-+ 1 pwebster eclipse.e4 30917342 2010-09-17 12:56 eclipse-master-20100917-1230.zip
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-04 03:53 I20100715-1054-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-05 04:09 I20100719-1400-out
drwxrwsr-x+ 3 genie    eclipse.e4      104 2010-07-27 11:33 I20100726-2152-out
drwxrwsr-x+ 2 pwebster eclipse.e4       48 2010-08-03 21:49 I20100803-1905-out
e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> touch t
e4Build@build:/home/data/httpd/download-staging.priv/eclipse/e4> rm t


As for pwebster, this is the >16 groups over NFS biting us.  That location (download-staging.priv) used to be a local disk array on the build server, which was exported via NFS to allow Hudson to access it.  Since we don't want further build outages to affect Hudson, the mount was moved to our primary NFS servers.

Looks like I'll have to patch the kernel on the new build server as well.

But can you confirm that e4Build cannot write there?  The e4 directory is owned by e4Build.
Comment 2 Paul Webster CLA 2010-09-21 10:35:05 EDT 
e4Build can write to that directory, just not pwebster.  But pwebster is our 8303(signers) userid.

PW
Comment 3 Denis Roy CLA 2010-09-21 10:46:59 EDT 
Gotcha.  I've set up an ACL for pwebster.  Give it a try.
Comment 4 Paul Webster CLA 2010-09-21 10:50:24 EDT 
(In reply to comment #3)
> Gotcha.  I've set up an ACL for pwebster.  Give it a try.

Great, that works.

Thanx,
PW
Comment 5 Denis Roy CLA 2010-09-21 10:58:58 EDT 
Updated summary.
Comment 6 Denis Roy CLA 2011-08-12 14:23:12 EDT 
Let's just use ACLs for the exceptions.  The fewer patched kernels I need to maintain, the better.