Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: 6.15.0
Affects Version/s: 6.8.0
Component/s: katello-tracer
Labels:
- team-triaged
- triaged

Satellite Team:

Phoenix - Content
Story Points:
0
Target Version:

6.15.0
Blocked:
False
External issue URL:
https://projects.theforeman.org/issues/36808
GitHub Issue:
https://github.com/Katello/katello/pull/10762
Bugzilla Bug:
RHBZ: 1937203
Severity:
Moderate
Sprint:
Sprint 123, Sprint 124, Sprint 125, Sprint 126, Sprint 127, Sprint 128, Sprint 129, Sprint 130, Sprint 131, Sprint 132

Release Note Type:
None
Release Note Text:
None
Release Note Status:
None

PX Impact Score:
PX Priority Data:
SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Test Coverage:
None

Description of problem:

Tracer job fails with the following error when executed via remote execution using an effective user other than root
~~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~~

Version-Release number of selected component (if applicable):

Satellite 6.8.3

How reproducible:

Steps to Reproduce:

1. Setup the remote execution using the following document for a non-root user.
https://access.redhat.com/solutions/2650071
2. Go to administer > Settings > Remote execution > Change Effective user to non-root user configured in step 1.
3. Update a few packages on the client connected to the satellite.
4. Now go the host > Content Host > open the host on which packages are updated > Traces > Select service which needs restart > Restart Selected
5. The job will fail with the error command not found.

Actual results:

The job fails with the following error.
~~~
1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
2:
Exit status: 127
~~~

Expected results:

The job should complete with the exit status 0.

Additional info:

The reason for failure when the effective user is other than the root is the binary location of the katello-tracer-upload command which is /usr/sbin. To execute any binary from /sbin or /usr/sbin, root privileges are required.

Solution 1 -

Change the location of binary to /usr/bin so that any user with access privileges can execute it.

Solution 2-

When we try to restart the service using traces, it runs the following commands.
~~~
sudo systemctl restart chronyd
katello-tracer-upload
~~~

As you can see, the katello-tracer-upload is executing without sudo but the restart service is running with the sudo privileges.

If we make the katello-tracer-upload command run with sudo, then any non-root user can run it. This is easily achievable by simply editing the "Restart Services - Katello SSH Default" template. I managed to work around the issue by editing the template as follows.
~~~
<%
commands = input(:helper).split(',').map { |split| split.strip }
reboot = commands.delete('reboot')
-%>
<%= commands.join("\n") %>
sudo katello-tracer-upload
<% if reboot -%>
<%= render_template('Power Action - SSH Default', action: 'restart') %>
<% end %>
~~~
Just added the sudo in line number 6. This will work with root user also but not sure whether this acceptable approach or not.