frontend does not load after update (403 on main.js)

[bjoern-r]

Description
Something is wrong with the deployment of the sunstone directory rights. After an initial deployment everything works, however after the installation of updates (apt upgrade) on the frontend the sunstone gui does not load after login. In the network -console of chrome i do see that main.js cannot be loaded because of an 403 error.
the apache error.log shows the following error:

[core:error] [pid 962:tid 139710705915456] [client 10.147.78.61:60188] AH00037: Symbolic link not allowed or link target not accessible: /usr/lib/one/sunstone/public/dist/main.js,

and file rights of the two mentiond files are:

lrwxrwxrwx 1 root     root          29 Apr 21 16:35 /usr/lib/one/sunstone/public/dist/main.js -> /var/lib/one/sunstone/main.js
-rw-r--r-- 1 oneadmin oneadmin 7878794 Apr 22 13:57 /var/lib/one/sunstone/main.js

Last time i happen to have this issue i just redeployed with one-deploy but this time i tried to fix the issue without reinstallation.

To Reproduce

• deploy fronted and some nodes with ansible.
• Wait for a opennebula update and install the update with apt upgrade

Expected behavior
frontend shoud still work after an upgrade

Details

• Ansible version:

ansible-playbook [core 2.16.3]
 config file = /home/bjoern/Projects/6G-sandbox/src/one-deploy/ansible.cfg
 configured module search path = ['/home/bjoern/Projects/6G-sandbox/src/one-deploy/vendor/ceph-ansible/library']
 ansible python module location = /usr/lib/python3/dist-packages/ansible
 ansible collection location = /home/bjoern/Projects/6G-sandbox/src/one-deploy/ansible_collections
 executable location = /usr/bin/ansible-playbook
 python version = 3.12.3 (main, Apr 10 2024, 05:33:47) [GCC 13.2.0] (/usr/bin/python3)
 jinja version = 3.1.2
 libyaml = True

• Linux OS distro in your cluster: Ubuntu 22.04.4 LTS
• Version: 5f9939d ("M #-: Fix typo in federation-master.yml example (#39)", 2024-03-05)

Additional context
after running the following snipped it worked again:

chgrp oneadmin /etc/one/sunstone-server.conf
chgrp oneadmin /etc/one/sunstone-plugins.yaml
chgrp oneadmin /var/lib/one/.one/sunstone_auth
chmod a+x /var/lib/one
chmod a+x /var/lib/one/.one
chmod a+x /var/lib/one/sunstone
chgrp oneadmin /var/log/one/sunstone*
chmod g+w /var/log/one/sunstone*

Progress Status

• Code committed
• Testing - QA
• Documentation (Release notes - resolved issues, compatibility, known issues)

[sk4zuzu]

Hi @bjoern-r

The ansible code doesn't currently handle upgrades, what it tries to do is to deploy fresh OpenNebula environments in minimal number of steps. I believe this is not the correct place to report this problem, that's because we currently cannot do anything about it in ansible scripts. If the manually executed command apt upgrade breaks filesystem permissions then the problem is in the DEB package itself. 🤔

[bjoern-r]

Hi @sk4zuzu
Thanks for clarifying.

[bjoern-r]

are there any plans to make this playbooks idempotent so it does not break on a second execution?

[sk4zuzu]

I believe so, but only when we implement upgrades. For the time being we'll try to reproduce your issue and take a look at the DEB package itself. 🤔