Bug #23482

open

puppetrun ssh provider does not work without sudo because foreman-proxy user does not have SHELL environment variable

Added by Anonymous almost 6 years ago. Updated almost 6 years ago.

Status: New
Priority: Low
Assignee: -
Category: Puppet integration
Target version: -
Difficulty: easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

When using the puppetrun SSH provider without sudo, the foreman-proxy user runs the "ssh" command directly. This command fails because no SHELL variable is defined for this user. The default install defines this user with /bin/false.

Without the variable, the ssh client fails without trying to connect to the server:

[root@foremandev foreman-proxy]# sudo -u foreman-proxy ssh -i /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy bot.foreman@10.10.20.10 -vvvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 62: Applying options for *
debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 10.10.20.10
debug1: permanently_drop_suid: 996
debug1: identity file /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy type 1
debug1: key_load_public: No such file or directory
debug1: identity file /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: Connection closed by remote host

Trying with sudo -u foreman-proxy SHELL=/bin/bash ssh -i .................. works without problem.

I don't know what the "best" fix for this is, but as a temporary workaround, I added a SHELL environment variable in the systemd env file for the foreman-proxy service:

[root@foremandev foreman-proxy]# cat /etc/sysconfig/foreman-proxy 
SHELL=/bin/bash

By the way, should "--no-daemonize" be added to the default puppet run command set up by the installer, since puppet agent is usually run as a daemon? (and prevent running another puppet agent with the pid file)


Related issues 1 (0 open, 1 closed)

Related to foreman-tasks - Bug #23561: add EnvironmentFile in dynflow core service (Closed, 05/10/2018)
Actions #1

Updated by Anonymous almost 6 years ago

I forgot to mention that it's on an up-to-date CentOS 7 server.

Actions #2

Updated by Anonymous almost 6 years ago

dynflow core has the same problem, but it doesn't have an EnvironmentFile. I created a PR, as EnvironmentFile can be useful for other things.
Though, using EnvironmentFile is maybe not the best way to fix the ssh execution.

Actions #3

Updated by Anonymous almost 6 years ago

  • Related to Bug #23561: add EnvironmentFile in dynflow core service added