Bug #30962
closed
dhcpd.conf file-ACLs are reset
Description
Using the foreman-installer-2.1.3 for a fresh install, I experienced a problem, when configuring DHCP-parameters.
The foreman-installer run failed because of 502 from the foreman-proxy.
The proxy did not respond, because of the following error message in /var/log/foreman-proxy/proxy.log:
[E] Disabling all modules in the group ['dhcp_isc', 'dhcp'] due to a failure in one of them: File at '/etc/dhcp/dhcpd.conf' defined in 'config' parameter doesn't exist or is unreadable
The reason seems to be the fix for #30489.
In our case, the file ACL was correctly set by puppet-foreman_proxy-module, but before the puppet-dhcp-moudle actually configured the /etc/dhcp/dhcpd.conf.
The latter puppet-module also seems to do a chmod on the config file, which wipes the file-ACL.
Thus, resulting in dhcpd.conf not being readable for the foreman-proxy.
Even though I did not have this problem provisioning a centos7-katello-3.16 box with forklift, I reckon this might affect others as well.
Environment:
CentOS 7.8.2003
puppetserver-6.13.0-1.el7.noarch
puppet-agent-6.18.0-1.el7.x86_64
Updated by The Foreman Bot over 3 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/620 added
Updated by Tomer Brisker over 3 years ago
- Has duplicate Bug #30973: Fix for CVE-2020-14335 cause breakage on 2.1.3 added
Updated by Bernhard Suttner over 3 years ago
My thought on this issue is, that it breaks a lot of installations and would justify a 2.1.3.1 release ASAP.
Updated by The Foreman Bot over 3 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/622 added
Updated by Tomer Brisker over 3 years ago
- Status changed from Ready For Testing to Closed