disk_check: Check & mount RO as RW using tmpfs #1569

renukamanavalan · 2021-04-19T22:08:35Z

What I did

There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home.

This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs.
This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot.

But this allows new remote users login.

How I did it

Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently.

How to verify it

Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir)
remount as RO (mount -o remount,ro test_dir)
Pass that dir to this script. (disk_check.py -d ./test_dir)
Now it should be RW

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

If RO, create a writable overlay using tmpfs. This allows new remote TACACS users login, by ensuring /etc & /home are writable.

renukamanavalan · 2021-04-19T22:43:57Z

Fixing unit test failure.

lguohan · 2021-04-21T14:56:17Z

@qiluo-msft, can you review?

scripts/disk_check.py

setup.py

scripts/disk_check.py

qiluo-msft

As comments

No logical code changes.

print to stderr & mock log function. No logical code changes.

renukamanavalan · 2021-04-26T18:40:36Z

/azp run

azure-pipelines · 2021-04-26T18:40:46Z

Azure Pipelines successfully started running 1 pipeline(s).

What I did There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home. This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs. This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot. But this allows new remote users login. How I did it Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently. How to verify it Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir) remount as RO (mount -o remount,ro test_dir) Pass that dir to this script. (disk_check.py -d ./test_dir) Now it should be RW

abdosi · 2021-05-31T14:59:57Z

@renukamanavalan please create PR for 201911 as difference in python2 vs python3. Cherry-pick is not recommended here.

What I did There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home. This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs. This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot. But this allows new remote users login. How I did it Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently. How to verify it Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir) remount as RO (mount -o remount,ro test_dir) Pass that dir to this script. (disk_check.py -d ./test_dir) Now it should be RW

This reverts commit 9dba93f.

What I did There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home. This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs. This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot. But this allows new remote users login. How I did it Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently. How to verify it Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir) remount as RO (mount -o remount,ro test_dir) Pass that dir to this script. (disk_check.py -d ./test_dir) Now it should be RW

…ly (#1873) * disk_check: Check & mount RO as RW using tmpfs (#1569) What I did There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home. This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs. This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot. But this allows new remote users login. How I did it Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently. How to verify it Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir) remount as RO (mount -o remount,ro test_dir) Pass that dir to this script. (disk_check.py -d ./test_dir) Now it should be RW * disk_check updates: (#1736) 1) Set default loglevel to SYSLOG_ERR 2) Make log level configurable via args * disk_check: Script updated to run good in 201811 & 201911 (#1747) What I did Have independent subdirs for each mounted dir to avoid any collisions of files/dirs by same name. Adopt for older version of python3 How I did it Changes: Individual subdirs for each dir to be mounted subprocess args made compatible with older version of python3 (tested in version 3.5.3) How to verify it Simulate read-only state Run this script Test ssh via new tacacs user (who had not logged in earlier)

* disk_check: Check & mount RO as RW using tmpfs (#1569) What I did There is a bug that occasionally turn root-overlay as RO. This makes /etc & /home as RO. This blocks any new remote user login, as that needs to write into /etc & /home. This tool scans /etc & /home (or given dirs) as in RW or RO state. If RO, it could create a writable overlay using tmpfs. This is transient and stays until next reboot. Any write after the overlay will be lost upon reboot. But this allows new remote users login. How I did it Create upper & work dirs in /run/mount (tmpfs). Mount /etc & /home as lowerdirs and use the same name for final merge. This allows anyone opening a file in /etc or /home to operate on the merged overlay, transparently. How to verify it Mount any dir on tmpfs ( mount -t tmpfs tmpfs test_dir) remount as RO (mount -o remount,ro test_dir) Pass that dir to this script. (disk_check.py -d ./test_dir) Now it should be RW

Check /etc & /home or given dirs' state as RW or RO.

b75ac36

If RO, create a writable overlay using tmpfs. This allows new remote TACACS users login, by ensuring /etc & /home are writable.

renukamanavalan added Enhancement Request for 201911 Branch Request for 202012 Branch labels Apr 19, 2021

renukamanavalan requested review from lguohan, jleveque and qiluo-msft April 19, 2021 22:08

renukamanavalan self-assigned this Apr 19, 2021

renukamanavalan mentioned this pull request Apr 19, 2021

Invoke disk check periodically. sonic-net/sonic-buildimage#7374

Merged

4 tasks

Scope the sys.argv update.

f324b86