Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-153121

Agent was not deleted from Verifier after 5 tries

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • No
    • None
    • rhel-security-special-projects
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      This issue seems to be appearing rarely. The test is running 'tenant -c update' and the verifier attempts to deleting an agent first but the process is not successful.

       

      {{:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: -c update :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 10:13:08 ] :: [ BEGIN ] :: Running 'keylime_tenant -v 127.0.0.1 -t 127.0.0.1 -u d432fbb3-d2f1-4a97-9ef7-75bd81c00000 --runtime-policy policy.json -p content_payload.txt -k content_keys.txt -c update' INFO:keylime.config:Reading configuration from ['/etc/keylime/logging.conf'] 2026-03-03 10:13:08.829 - keylime.config - INFO - Reading configuration from ['/etc/keylime/tenant.conf'] 2026-03-03 10:13:08.830 - keylime.tenant - INFO - Setting up client TLS... 2026-03-03 10:13:08.830 - keylime.tenant - INFO - Using default client_cert option for tenant 2026-03-03 10:13:08.830 - keylime.tenant - INFO - Using default client_key option for tenant 2026-03-03 10:13:08.830 - keylime.tenant - INFO - No value provided in client_key_password option for tenant, assuming the key is unencrypted 2026-03-03 10:13:08.840 - keylime.tenant - INFO - TLS is enabled. 2026-03-03 10:13:08.867 - keylime.tenant - INFO - Using API version 2.5 for registrar communication 2026-03-03 10:13:08.942 - keylime.tenant - INFO - Negotiated API version 2.5 with agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (agent: ['2.1', '2.2', '2.3', '2.4', '2.5'], tenant: ['1.0', '2.0', '2.1', '2.2', '2.3', '2.4', '2.5']) 2026-03-03 10:13:08.942 - keylime.tenant - INFO - Using API version 2.5 for agent communication 2026-03-03 10:13:08.942 - keylime.cli.policies - INFO - TPM PCR Mask from policy is 0x0 2026-03-03 10:13:08.956 - keylime.tenant - INFO - Using API version 2.5 for verifier communication 2026-03-03 10:13:08.976 - keylime.tenant - INFO - Agent Info from Verifier (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 2, "last_received_quote": 1772532786, "last_successful_attestation": 1772532786, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:09.018 - keylime.tenant - INFO - Agent Info from Verifier default (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 3, "last_received_quote": 1772532788, "last_successful_attestation": 1772532788, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:09.018 - keylime.tenant - INFO - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (127.0.0.1:9002) still not deleted from Verifier default (127.0.0.1:8881) at try 1/5, trying again in 2.0 seconds... 2026-03-03 10:13:11.044 - keylime.tenant - INFO - Agent Info from Verifier default (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 3, "last_received_quote": 1772532788, "last_successful_attestation": 1772532788, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:11.044 - keylime.tenant - INFO - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (127.0.0.1:9002) still not deleted from Verifier default (127.0.0.1:8881) at try 2/5, trying again in 4.0 seconds... 2026-03-03 10:13:15.059 - keylime.tenant - INFO - Agent Info from Verifier default (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 5, "last_received_quote": 1772532793, "last_successful_attestation": 1772532793, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:15.059 - keylime.tenant - INFO - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (127.0.0.1:9002) still not deleted from Verifier default (127.0.0.1:8881) at try 3/5, trying again in 8.0 seconds... 2026-03-03 10:13:23.074 - keylime.tenant - INFO - Agent Info from Verifier default (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 9, "last_received_quote": 1772532801, "last_successful_attestation": 1772532801, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:23.075 - keylime.tenant - INFO - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (127.0.0.1:9002) still not deleted from Verifier default (127.0.0.1:8881) at try 4/5, trying again in 16.0 seconds... 2026-03-03 10:13:39.090 - keylime.tenant - INFO - Agent Info from Verifier default (127.0.0.1:8881): {"d432fbb3-d2f1-4a97-9ef7-75bd81c00000": {"operational_state": "Get Quote", "v": null, "ip": "127.0.0.1", "port": 9002, "tpm_policy": "

      {\"mask\": \"0x400\"}

      ", "meta_data": "{}", "has_mb_refstate": 0, "has_runtime_policy": 1, "accept_tpm_hash_algs": ["sha512", "sha384", "sha256"], "accept_tpm_encryption_algs": ["ecc", "rsa"], "accept_tpm_signing_algs": ["ecschnorr", "rsassa"], "hash_alg": "sha256", "enc_alg": "rsa2048", "sign_alg": "rsassa", "verifier_id": "default", "verifier_ip": "127.0.0.1", "verifier_port": 8881, "severity_level": null, "last_event_id": null, "attestation_count": 17, "last_received_quote": 1772532817, "last_successful_attestation": 1772532817, "attestation_status": "PASS", "attestation_period": "2s", "maximum_attestation_interval": "10s"}} 2026-03-03 10:13:39.090 - keylime.tenant - ERROR - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 (127.0.0.1:9002) was not deleted from Verifier default (127.0.0.1:8881) after 5 tries :: [ 10:13:39 ] :: [ FAIL ] :: Command 'keylime_tenant -v 127.0.0.1 -t 127.0.0.1 -u d432fbb3-d2f1-4a97-9ef7-75bd81c00000 --runtime-policy policy.json -p content_payload.txt -k content_keys.txt -c update' (Expected 0, got 1)}}

      What is the impact of this issue to you?

      cannot delete/update agent (rarely)

      Please provide the package NVR for which the bug is seen:

      keylime-base-7.14.1-1.el10

      How reproducible is this bug?:

      rarely

      Steps to reproduce

      1. tenant -c update ... (or run the linked test)
      2.  
      3.  

      Expected results

      operation succeeds

      Actual results

      operation fails

              ansasaki@redhat.com Anderson Toshiyuki Sasaki
              ksrot@redhat.com Karel Srot
              Sergio Correia Sergio Correia
              Karel Srot Karel Srot
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: