Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-21946

keylime_server role won't detect registrar start failure

XMLWordPrintable

    • rhel-system-roles-1.23.0-2.7.el8
    • None
    • None
    • rhel-sst-system-roles
    • 24
    • 26
    • 3
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Bug Fix
    • Hide
      .`keylime_server` role correctly reports registrar service status

      Previously, when the `keylime_server` role playbook provided incorrect information, the role incorrectly reported the start as successful. With this update, the role now correctly reports a failure when incorrect information is provided, and the timeout when waiting for opened ports has been reduced from approximately 300 seconds to approximately 30 seconds.
      Show
      .`keylime_server` role correctly reports registrar service status Previously, when the `keylime_server` role playbook provided incorrect information, the role incorrectly reported the start as successful. With this update, the role now correctly reports a failure when incorrect information is provided, and the timeout when waiting for opened ports has been reduced from approximately 300 seconds to approximately 30 seconds.
    • Done
    • None

      What were you trying to do that didn't work?

      I have accidentally provided incorrect configuration for the registrar and as a result the registrar service did not start. Howover, from the Ansible perspective everything went fine and no error has been reported by system role.

      Please provide the package NVR for which bug is seen:

      rhel-system-roles-1.22.0-2.el9

      How reproducible:

      always

      Steps to reproduce

      1. clone repo from https://gitlab.cee.redhat.com/keylime/keylime-tests-internal/-/merge_requests/61

      2. enter it and in documentation/keylime-server-role/test.sh edit the playbook and do some change in keylime_server_registrar_trusted_client_ca.  The typo I did was using keylime_server_registrar_trusted_server_ca  instead (edited)
      3. then schedule the test with
        tmt run -vvv discover provision -h connect -g 10.0.187.157 -u root prepare execute plan --default test -n keylime-server-role
        where 10.0.187.157 is RHEL-9 system, no TPM needed. I am using one from 1minutetip (just be sure to enable epel repo in /etc/yum.repos.d/epel.repo
         
        You should see that ansible-playbook goes fine but later limeWaitForRegistrar fails and if you ssh to the container you will find the traceback in journal

        Expected results

      no failure. Also, reasonable timeout value (30-60 seconds) should be used when waiting for opened ports. 300s default is too big.

      Actual results

      error report

              rmeggins@redhat.com Richard Megginson
              ksrot@redhat.com Karel Srot
              Richard Megginson Richard Megginson
              Karel Srot Karel Srot
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: