Ensure that home directories have the right owner at startup. (#2067)

ojarjur · web-flow · commit 9b9309862369 · 2018-08-23T15:36:01.000-07:00
Apparently, Container Optimized OS stores the users database in a temp filesystem, causing it to get lost and recreated every time an instance is restarted. Among the many important things recorded in that database is the mapping from user names (e.g. `datalab`) to user numeric IDs (e.g. `2000`). By recreating the users database on every restart, that mapping can change seemingly randomly. For instance, the `datalab` user can have an ID of `2000` on one boot, with the `logger` user having an ID of `2001`, and after rebooting the instance those numbers could be reversed: `datalab` having a user ID of `2001` and `logger` having a user ID of `2000`. Since file ownership is defined in terms of user ID, this means that the owner of files under each home directory can change randomly every time an instance is rebooted. That, in turn, causes `datalab connect` calls to fail, as the SSH tunnel cannot be created if the `datalab` user cannot log in. This change fixes that problem by making the file ownership of the `/home/datalab` and `/home/logger` directories stable. That is done by attempting to assign those two users consistent UIDs, and then forcing the file ownership to match the corresponding users even if the UID has changed. Changing the startup script in the `create.py` file is sufficient to do this for both regular and gpu-enabled instances, as GPU instances no longer have their own startup-script extensions. This change also removes the structure that was previously used for startup-script extensions in order to make clear the fact that they are no longer used. This fixes #2014
diff --git a/tools/cli/commands/create.py b/tools/cli/commands/create.py
@@ -59,11 +59,20 @@
 
 _DATALAB_NOTEBOOKS_REPOSITORY = 'datalab-notebooks'
 
-_DATALAB_BASE_STARTUP_SCRIPT = """#!/bin/bash
+_DATALAB_STARTUP_SCRIPT = """#!/bin/bash
 
-# First, make sure the `datalab` user exists with their
-# home directory setup correctly.
-useradd datalab
+# First, make sure the `datalab` and `logger` users exist with their
+# home directories setup correctly.
+useradd datalab -u 2000 || useradd datalab
+useradd logger -u 2001 || useradd logger
+
+# In case the instance has started before, the `/home/datalab` directory
+# may already exist, but with the incorrect user ID (since `/etc/passwd`
+# is saved in a tmpfs and changes after restarts). To account for that,
+# we should force the file ownership under `/home/datalab` to match
+# the current UID for the `datalab` user.
+chown -R datalab /home/datalab
+chown -R logger /home/logger
 
 PERSISTENT_DISK_DEV="/dev/disk/by-id/google-datalab-pd"
 MOUNT_DIR="/mnt/disks/datalab-pd"
@@ -214,9 +223,6 @@
   find "${{tmpdir}}/" -mindepth 1 -delete
 }}
 
-"""
-
-_DATALAB_STARTUP_SCRIPT = _DATALAB_BASE_STARTUP_SCRIPT + """
 download_docker_image
 mount_and_prepare_disk
 configure_swap
