[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] Enabling motd feature

From: Ratnadeep Debnath <rtnpro gmail com>
To: Colin Walters <walters verbum org>
Cc: atomic-devel projectatomic io
Subject: Re: [atomic-devel] Enabling motd feature
Date: Tue, 19 Apr 2016 22:42:42 +0530

On Thu, Apr 7, 2016 at 9:24 PM, Ratnadeep Debnath <rtnpro gmail com> wrote:
> Hi,
>
> On Thu, Apr 7, 2016 at 12:13 AM, Colin Walters <walters verbum org> wrote:
>> That said I have some detailed and high level concerns.
>>
>> The detailed concerns are a security issue and a buglet:
>> https://github.com/rtnpro/fedora-motd/issues?utf8=%E2%9C%93&q=is%3Aissue+author%3Acgwalters+
> Thanks for reporting the above issues. I will fix them ASAP and
> release an updated for fedora-motd.
>
>> The high level concern is having this functionality live
>> outside of the update system and the login system
>> is rather awkward.  I really don't like calling into rpm-ostreed from
>> inside every PAM login.
>>
>> Among other reasons, the first ssh login might e.g. be ansible
>> trying to configure the host, and having rpm-ostreed be spun
>> up for that when the administrator might actually want to do
>> something else is problematic - the check-updates will
>> block whatever action they want to take (e.g. rpm-ostree rebase).
>>
>> The way it hooks into dnf is a bit better from this perspective.  But
>> since rpm-ostree is already a daemon, it might be simplest to
>> have it just write out the required data in /run/rpm-ostree/bash-check-updates
>> only after the administrator requests an update once or so?
>
> Neither rpm-ostree nor dnf is called on every login. I was aware of
> the blocking nature and high
> CPU usage (for dnf updateinfo).
>
> /usr/bin/motdgen is called on each PAM login via sshd. It does nothing
> more than going
> through the files in /etc/motdgen.d and running them. The file
> /etc/motdgen.d/02-updateinfo.sh
> does nothing but cat the content of /var/run/updateinfo.txt if
> available. Neither dnf nor rpmostree
> is accessed. The content of /var/run/updateinfo.txt is updated by running
> /usr/bin/motdgen-cache-updateinfo in the background at periodic
> intervals (currently once a day)
> or on dnf transaction triggers (no trigger for rpm-ostree yet) in a
> decoupled way.
>
> So, the current implementation does not slow down or block the login
> process in any way.
>
> Is this implementation OK? Let us know if we can improve it.

I pushed a new release 0.1.2 for fedora-motd and submitted the update
to bodhi at [1]. The rpm is available at [2]. This update contains:

- Fix detecting rpm-ostree based system
- Don't use predicatable name in /tmp
- Cache updateinfo in background on first login post fedora-motd installation
- Don't wait for background jobs to complete in motdgen scripts


[1]: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa9e77c232
[2]: https://kojipkgs.fedoraproject.org//packages/fedora-motd/0.1.2/1.fc23/noarch/fedora-motd-0.1.2-1.fc23.noarch.rpm

Please give it a try and let us know your feedback.

Thanks,
rtnpro
-- 
Ratnadeep Debnath,
https://www.waartaa.com
GPG Fingerprint: 033C 8041 A0E9 CDBA 2E02  B785 2119 5486 F245 DFD6

Follow-Ups:
- Re: [atomic-devel] Enabling motd feature
  - From: Fabian Deutsch

References:
- [atomic-devel] Enabling motd feature
  - From: Kushal Das
- Re: [atomic-devel] Enabling motd feature
  - From: Colin Walters
- Re: [atomic-devel] Enabling motd feature
  - From: Ratnadeep Debnath

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]