Bug #9805

Puppet master generates lots of invalid context messages

Added by Lukas Zapletal over 2 years ago. Updated 3 months ago.

Status:Closed
Priority:Normal
Assigned To:Lukas Zapletal
Category:General Foreman
Target version:-
Difficulty: Bugzilla link:1202924
Found in release: Pull request:https://github.com/theforeman/foreman-selinux/pull/67
Story points-
Velocity based estimate-
Release1.15.4Release relationshipAuto

Description

During installation on RHEL7 I see this failure once, then catalog is compiled successfully:

Mar 13 10:11:07 fseven puppet-master[20182]: Failed to find fseven.zzz.lan via exec: Execution of '/etc/puppet/node.rb fseven.zzz.lan' returned 1:

Looks like this is harmless, but we should investigate why this happens and if we can prevent this.

Associated revisions

Revision 31ebc8e7
Added by Lukas Zapletal 3 months ago

Fixes #9805 - fixed file_contexts: invalid context (#67)

History

#1 Updated by Lukas Zapletal over 2 years ago

  • Bugzilla link set to 1202924

#2 Updated by Dominic Cleal over 2 years ago

Please provide logs?

#3 Updated by Dominic Cleal over 2 years ago

  • Category deleted (foreman-installer script)
  • Status changed from New to Need more information

#4 Updated by Bryan Kearney about 1 year ago

  • Status changed from Need more information to New

From downstream:

vrempet@li-lc-1017 ~
$ grep -c /etc/selinux/targeted/contexts/files/file_contexts /var/log/messages
512

vrempet@li-lc-1017 ~
$ grep /etc/selinux/targeted/contexts/files/file_contexts /var/log/messages | tail -n 5
Oct 5 12:45:11 li-lc-1017 puppet-master9026: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0
Oct 5 12:45:38 li-lc-1017 puppet-master9046: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0
Oct 5 12:45:38 li-lc-1017 puppet-master9046: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0
Oct 5 12:45:38 li-lc-1017 puppet-master9046: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0
Oct 5 12:45:38 li-lc-1017 puppet-master9046: /etc/selinux/targeted/contexts/files/file_contexts: invalid context system_u:object_r:puppet_etc_t:s0

vrempet@li-lc-1017 ~
$ uptime
12:55:58 up 13 min, 1 user, load average: 0.01, 0.51, 0.65

#5 Updated by Dominic Cleal about 1 year ago

  • Status changed from New to Need more information

Does the execution of node.rb outside of the puppet-master process work or fail? If it fails, please provide the Foreman logs.

Are there any AVC denials? I'm unsure that those log messages are relevant or show anything relating to the issue description.

The logs don't appear to come from the same host, are these definitely demonstrating the same underlying bug?

#6 Updated by Lukas Zapletal 9 months ago

  • Project changed from Installer to SELinux
  • Subject changed from Initial ENC run fails to Puppet master generates lots of invalid context messages
  • Category set to General Foreman
  • Status changed from Need more information to Assigned
  • Assigned To set to Lukas Zapletal

We have been able to track the issue down with help of SELinux team. It's a long story, I will provide patch soon. For more details see:

https://bugzilla.redhat.com/show_bug.cgi?id=1202924

#7 Updated by The Foreman Bot 7 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/67 added

#8 Updated by Daniel Lobato Garcia 3 months ago

  • Release set to 1.15.4

#9 Updated by Lukas Zapletal 3 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF