Project

General

Profile

Actions

Bug #30962

closed

dhcpd.conf file-ACLs are reset

Added by Markus Bucher about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Category:
Foreman modules
Target version:
Fixed in Releases:
Found in Releases:

Description

Using the foreman-installer-2.1.3 for a fresh install, I experienced a problem, when configuring DHCP-parameters.

The foreman-installer run failed because of 502 from the foreman-proxy.

The proxy did not respond, because of the following error message in /var/log/foreman-proxy/proxy.log:

[E] Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: File at '/etc/dhcp/dhcpd.conf' defined in 'config' parameter doesn't exist or is unreadable

The reason seems to be the fix for #30489.
In our case, the file ACL was correctly set by puppet-foreman_proxy-module, but before the puppet-dhcp-moudle actually configured the /etc/dhcp/dhcpd.conf.
The latter puppet-module also seems to do a chmod on the config file, which wipes the file-ACL.
Thus, resulting in dhcpd.conf not being readable for the foreman-proxy.

Even though I did not have this problem provisioning a centos7-katello-3.16 box with forklift, I reckon this might affect others as well.

Environment:
CentOS 7.8.2003
puppetserver-6.13.0-1.el7.noarch
puppet-agent-6.18.0-1.el7.x86_64


Related issues 1 (0 open1 closed)

Has duplicate Installer - Bug #30973: Fix for CVE-2020-14335 cause breakage on 2.1.3DuplicateActions
Actions #1

Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/620 added
Actions #2

Updated by Tomer Brisker about 3 years ago

  • Has duplicate Bug #30973: Fix for CVE-2020-14335 cause breakage on 2.1.3 added
Actions #3

Updated by Tomer Brisker about 3 years ago

  • Target version set to 2.1.4
Actions #4

Updated by Bernhard Suttner about 3 years ago

My thought on this issue is, that it breaks a lot of installations and would justify a 2.1.3.1 release ASAP.

Actions #5

Updated by The Foreman Bot about 3 years ago

  • Assignee set to Ewoud Kohl van Wijngaarden
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/622 added
Actions #6

Updated by Tomer Brisker about 3 years ago

  • Fixed in Releases 2.1.4 added
Actions #7

Updated by Tomer Brisker about 3 years ago

  • Status changed from Ready For Testing to Closed
Actions #8

Updated by Tomer Brisker about 3 years ago

  • Category set to Foreman modules
Actions

Also available in: Atom PDF