Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-151493

Keylime-verifier not shutdown gracefully on ppc64le

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.8
    • keylime
    • None
    • None
    • None
    • rhel-security-special-projects
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • ppc64le
    • None

      What were you trying to do that didn't work?

      When it's setup non default tpm algorithm as ecc384-ecdsa or ecc521-ecdsa. Shutdown of keylime-verifier not end gracefully.

      What is the impact of this issue to you?

      Keylime-verifier errored during shutdown

      Please provide the package NVR for which the bug is seen:

      keylime-selinux-7.12.1-15.el9.noarch
      keylime-base-7.12.1-15.el9.ppc64le
      keylime-agent-rust-0.2.2-5.el9.ppc64le
      python3-keylime-7.12.1-15.el9.ppc64le
      keylime-registrar-7.12.1-15.el9.ppc64le
      keylime-tenant-7.12.1-15.el9.ppc64le
      keylime-verifier-7.12.1-15.el9.ppc64le
      keylime-7.12.1-15.el9.ppc64le

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. reserve rhel-9.8 ppc64le machine
      2. git clone -b  pk_gracefully_shutdown https://github.com/RedHat-SP-Security/keylime-tests.git 
      3. tmt --context distro=RHEL-9.8 run -vvv prepare provision -h connect --guest IP_MACHINE -u root discover plan -n distribution-c9s-keylime-tests-github-ci execute --how tmt --interactive login finish -vvv

      Expected results

      Keylime-verifier will gracefully shutdown.

      Actual results

       

      Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: Traceback (most recent call last): Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/cloud_verifier_tornado.py", line 1859, in process_agent Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: runtime_policy = verifier_read_policy_from_cache(stored_agent) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/cloud_verifier_tornado.py", line 149, in verifier_read_policy_from_cache Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: shared_data.initialize_agent_policy_cache(agent_id) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/shared_data.py", line 476, in initialize_agent_policy_cache Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: policy_cache = manager.get_or_create_dict("policy_cache") Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/shared_data.py", line 200, in get_or_create_dict Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: if namespace_key not in self._store: Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "<string>", line 2, in __contains__ Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/managers.py", line 809, in _callmethod Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: conn.send((self._id, methodname, args, kwds)) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/connection.py", line 210, in send Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: self._send_bytes(_ForkingPickler.dumps(obj)) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/connection.py", line 415, in _send_bytes Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: self._send(header + buf) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/connection.py", line 372, in _send Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: n = write(self._handle, buf) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: BrokenPipeError: [Errno 32] Broken pipe Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: During handling of the above exception, another exception occurred: Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: Traceback (most recent call last): Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/cloud_verifier_tornado.py", line 1859, in process_agent Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: runtime_policy = verifier_read_policy_from_cache(stored_agent) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/cloud_verifier_tornado.py", line 149, in verifier_read_policy_from_cache Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: shared_data.initialize_agent_policy_cache(agent_id) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/shared_data.py", line 476, in initialize_agent_policy_cache Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: policy_cache = manager.get_or_create_dict("policy_cache") Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib/python3.9/site-packages/keylime/shared_data.py", line 200, in get_or_create_dict Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: if namespace_key not in self._store: Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "<string>", line 2, in __contains__ Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/managers.py", line 809, in _callmethod Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: conn.send((self._id, methodname, args, kwds)) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/connection.py", line 210, in send Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: self._send_bytes(_ForkingPickler.dumps(obj)) Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: File "/usr/lib64/python3.9/multiprocessing/connection.py", line 415, in _send_bytes Feb 23 14:44:01 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com keylime_verifier[39556]: self._send(header + buf) Feb 23 14:44:04 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com systemd[1]: keylime_verifier.service: Deactivated successfully. Feb 23 14:44:04 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com systemd[1]: Stopped The Keylime verifier. Feb 23 14:44:04 artemis-8381edad-68b6-4927-93d6-747242351bc2.cloud.ibm.com systemd[1]: keylime_verifier.service: Consumed 45.083s CPU time. :: [ 14:44:15 ] :: [ INFO ] :: Sending /var/tmp/limeLib/verifier.log as var-tmp-limeLib-verifier.log

       

      LOGS: https://artifacts.osci.redhat.com/testing-farm/09fd1070-2328-4af7-8629-07c79b7737e7/work-regression-full-swtpmyr9ocn_d/plans/regression-full-swtpm/execute/data/guest/default-0/Tests-with-IMA-sign-template/functional/agent-registration-with-non-default-tpm-algorithms/ecc521-ecdsa-13/output.txt 
      https://artifacts.osci.redhat.com/testing-farm/09fd1070-2328-4af7-8629-07c79b7737e7/work-regression-full-swtpmyr9ocn_d/plans/regression-full-swtpm/execute/data/guest/default-0/Tests-with-IMA-sign-template/functional/agent-registration-with-non-default-tpm-algorithms/ecc384-ecdsa-11/output.txt 

              scorreia@redhat.com Sergio Correia
              pkoncity2 Patrik Končitý
              Sergio Correia Sergio Correia
              Karel Srot Karel Srot
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: