Auroraboot should have a test to check that the artifacts install correctly

[jimmykarily]

otherwise, bugs like this one go unnoticed: kairos-io/AuroraBoot#129

[VinayVamsi143]

I encountered an error while using the latest version of the Aurora Boot Tool (v0.4.0). With the earlier version, I was able to successfully generate an ISO, but it had an issue with the / directory permissions.

Screenshot attached with log error details

Docker file used to build a custom image

OS image:(Dockerfile)

FROM opensuse:leap-15.6-core-amd64-generic-master
#Disable the "utilities" repository to avoid conflicts
RUN zypper modifyrepo --disable utilities

#Refresh repositories and install required dependencies
RUN zypper refresh
&& zypper install -y
docker
cloud-init

custom image: used in Aurora boot tool

kairos-custom:v0.1 is built from above Dockerfile it includes custom packages installation

Auroraboot tool version used:

docker run -v $PWD/cloud_init.yaml:/cloud_init.yaml
-v $PWD/build:/tmp/auroraboot
-v /var/run/docker.sock:/var/run/docker.sock
--rm -ti auroraboot:v0.4.0
--set container_image=docker://kairos-custom:v0.1
--set "disable_http_server=true"
--set "disable_netboot=true"
--cloud-config /cloud_init.yaml
--set "state_dir=/tmp/auroraboot"

Issue log attached after running aurora boot tool docker command

After using root permission issue fixed version of aurora boot tool i was getting above attached error as it says "
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1338) [sender=3.3.0]

2024-12-05T06:19:40Z ERR Failed installing OS packages: exit status 23
2024-12-05T06:19:41Z ERR Failed generating iso 'kairos' from '/tmp/auroraboot/temp-rootfs'. Error: 1 error occurred:
* exit status 23

1 error occurred:
* exit status 23 "

[jimmykarily]

This works for me:

#!/bin/bash

IMAGE=quay.io/kairos/fedora:40-standard-amd64-generic-v3.2.3-k3sv1.30.5-k3s1

docker run \
  -v $PWD/cloud_init.yaml:/cloud_init.yaml \
  -v $PWD/build:/tmp/auroraboot \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --rm -ti quay.io/kairos/auroraboot:v0.4.0 \
  --set container_image=docker://${IMAGE} \
  --set "disable_http_server=true" \
  --set "disable_netboot=true" \
  --set "state_dir=/tmp/auroraboot"

Could it be something with the permissions of the directory you are running it in? (whatever $PWD is)

[VinayVamsi143]

Permissions are looks good, working dir has 755 permissions where i am running aurora boot tool

Check uploaded image, earlier with previous tool it was working fine, post updated to 0.4.0 version i was facing this issue

[jimmykarily]

Might be selinux related: https://unix.stackexchange.com/questions/648118/rsync-xal-set-lremovexattr-my-path-file-zpxuj1-security-selinux-failed-p

If selinux enabled on the host?

[VinayVamsi143]

[root@inblrcoreload21474 working_dir]# sestatus
SELinux status: disabled
[root@inblrcoreload21474 working_dir]#

Seems to be it is disabled, what is next step?

[jimmykarily]

could it be selinux on the Kairos container image? Can you try with my script above? (uses a released non-custom Kairos image)

[VinayVamsi143]

tried with your command you provided, it is same issue as above

Please check

[jimmykarily]

Reading here, maybe it has to do with the host OS kernel or the filesystem of the host. Can you post the output of:

uname -a

cat /etc/os-release

and

 blkid -o list

(on the host system)

[VinayVamsi143]

[jimmykarily]

I don't think it's the directory permissions fix

It's more likely because of the switch to fedora as a base image

Maybe the tools in this (rather new) fedora don't play nice with such an old kernel? (3.10.0 ?)

[jimmykarily]

 When no security module is loaded, all processes have read access
       to extended security attributes, and write access is limited to
       processes that have the CAP_SYS_ADMIN capability.

(from here)

can you try to run the docker command with --privileged ?

[VinayVamsi143]

I have embedded privileged tag into the docker run, seems to be created an iso , will check and let you know the permission issue exist or not for "/" dir