Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authselect-1.5.0-4.fc40 & authselect-1.5.0-4.fc41 breaks ext.config.files.fcos_users test #1680

Closed
jmarrero opened this issue Feb 27, 2024 · 6 comments · Fixed by authselect/authselect#368
Closed

authselect-1.5.0-4.fc40 & authselect-1.5.0-4.fc41 breaks ext.config.files.fcos_users test #1680

jmarrero opened this issue Feb 27, 2024 · 6 comments · Fixed by authselect/authselect#368
Labels
kind/bug

Comments

@jmarrero
Copy link
Member

jmarrero commented Feb 27, 2024
edited

Describe the bug

With the recent update of authselect-1.5.0-4 on both f40 and f41 the ext.config.files.fcos_users test fails.

Reproduction steps

  1. Build fcos from the branched or rawhide branches.
  2. Run kola run ext.config.files.fcos_users
  3. See it fail

Expected behavior

kola run ext.config.files.fcos_users should pass.

Actual behavior

kola run ext.config.files.fcos_users
⏭️  Skipping kola test pattern "fcos.internet":
  👉 https://github.com/coreos/coreos-assembler/pull/1478
⏭️  Skipping kola test pattern "podman.workflow":
  👉 https://github.com/coreos/coreos-assembler/pull/1478
🕒  Snoozing kola test pattern "ext.config.var-mount.scsi-id" until Feb 29 2024
  👉 https://github.com/coreos/fedora-coreos-tracker/issues/1670
=== RUN   ext.config.files.fcos_users
systemctl status kola-runext-22.service:
× kola-runext-22.service
     Loaded: loaded (/etc/systemd/system/kola-runext-22.service; static)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Tue 2024-02-27 19:25:17 UTC; 1s ago
   Duration: 16ms
    Process: 2107 ExecStart=/usr/local/bin/kola-runext-fcos_users (code=exited, status=1/FAILURE)
   Main PID: 2107 (code=exited, status=1/FAILURE)
        CPU: 8ms

Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: chrony:x:994:992::/var/lib/chrony:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: cockpit-ws:x:988:987:User for cockpit-ws:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: dockerroot:x:997:986:Docker User:/var/lib/docker:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: etcd:x:998:997:etcd user:/var/lib/etcd:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: kube:x:996:994:Kubernetes user:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: polkitd:x:999:998:User for polkitd:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: sssd:x:995:993:User for sssd:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-network:x:991:990:systemd Network Management:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-resolve:x:990:989:systemd Resolver:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-timesync:x:993:991:systemd Time Synchronization:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: ceph:x:167:167:Ceph daemons:/var/lib/ceph:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: dbus:x:81:81:System Message Bus:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: tcpdump:x:72:72::/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: bin:x:1:1:bin:/bin:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: adm:x:3:4:adm:/var/adm:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: lp:x:4:7:lp:/var/spool/lpd:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: sync:x:5:0:sync:/sbin:/bin/sync
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: halt:x:7:0:halt:/sbin:/sbin/halt
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: mail:x:8:12:mail:/var/spool/mail:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: operator:x:11:0:operator:/root:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: games:x:12:20:games:/usr/games:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: ftp:x:14:50:FTP User:/var/ftp:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: zincati:x:981:981:Zincati user for auto-updates:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: clevis:x:985:985:Clevis Decryption Framework unprivileged user:/var/cache/clevis:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: dnsmasq:x:982:982:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-coredump:x:980:980:systemd Core Dumper:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: systemd-oom:x:979:979:systemd Userspace OOM Killer:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: tss:x:59:59:Account used for TPM access:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2118]: rpm-ostree:x:62011:62011:Dynamic User:/:/usr/sbin/nologin
Feb 27 19:25:17 qemu0 kola-runext-fcos_users[2107]: failure on setup_users entry games
Feb 27 19:25:17 qemu0 systemd[1]: kola-runext-22.service: Main process exited, code=exited, status=1/FAILURE
Feb 27 19:25:17 qemu0 systemd[1]: kola-runext-22.service: Failed with result 'exit-code'.
--- FAIL: ext.config.files.fcos_users (26.41s)
        cluster.go:162: Error: Unit kola-runext-22.service exited with code 1
        cluster.go:162: 2024-02-27T19:25:18Z cli: Unit kola-runext-22.service exited with code 1
        harness.go:1261: kolet failed: : kolet run-test-unit failed: Process exited with status 1
FAIL, output in tmp/kola/qemu-2024-02-27-1424-105192
Error: harness: test suite failed
2024-02-27T19:25:21Z cli: harness: test suite failed

System details

QEMU Fedora CoreOS 40.20240227.dev.3

also seen in the pipeline:
https://jenkins-fedora-coreos-pipeline.apps.ocp.fedoraproject.org/job/build/2312/

Butane or Ignition config

No response

Additional information

The issue also is seen by looking at /etc/nsswitch.conf of a system built with authselect-1.5.0-4(bad) vs authselect-1.5.0-3(good)

In the good case we should see a passwd entry like:

passwd:     files altfiles systemd

However we see:

passwd:     files systemd
@jlebon
Copy link
Member

jlebon commented Feb 27, 2024

Was just looking over https://src.fedoraproject.org/rpms/authselect/c/f411c0ecd9eef866fbe13e710867a3fcebaaf87d?branch=rawhide and https://src.fedoraproject.org/rpms/authselect/pull-request/22 caught my eye. Would you be able to test that @jmarrero?

@jmarrero
Copy link
Member Author

@jlebon yes sir, Ill give it a try.

@jmarrero
Copy link
Member Author

Got the rpm from:
https://koji.fedoraproject.org/koji/taskinfo?taskID=114148249

Added them to the overrides folder and did cosa build

once we I got a build, confirmed I have the correct rpm by

cosa run and

core@cosa-devsh:~$ rpm -qa authselect
authselect-1.5.0-5.fc41.x86_64

Confirmed nsswitch.conf looks good:

core@cosa-devsh:~$ cat /etc/nsswitch.conf
# Generated by authselect
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.
 
# In order of likelihood of use to accelerate lookup.
passwd:     files altfiles systemd
shadow:     files
group:      files [SUCCESS=merge] altfiles [SUCCESS=merge] systemd
hosts:      files resolve [!UNAVAIL=return] myhostname dns
services:   files
netgroup:   files
automount:  files
 
aliases:    files
ethers:     files
gshadow:    files
networks:   files dns
protocols:  files
publickey:  files
rpc:        files

Got out of the VM and ran the failing Kola test:

 kola run ext.config.files.fcos_users
⏭️  Skipping kola test pattern "fcos.internet":
  ? https://github.com/coreos/coreos-assembler/pull/1478
⏭️  Skipping kola test pattern "podman.workflow":
  ? https://github.com/coreos/coreos-assembler/pull/1478
?  Snoozing kola test pattern "ext.config.var-mount.scsi-id" until Feb 29 2024
  ? https://github.com/coreos/fedora-coreos-tracker/issues/1670
=== RUN   ext.config.files.fcos_users
--- PASS: ext.config.files.fcos_users (26.55s)
PASS, output in tmp/kola/qemu-2024-02-27-1623-134752

I think your patch is good to go.

@jlebon jlebon mentioned this issue Feb 28, 2024
Closed
jlebon added a commit to jlebon/authselect that referenced this issue Feb 28, 2024
@jlebon
spec: strengthen altfiles sed invocation
3306ff1 
The regex that was given matched the `group` line but not the `passwd`
line (which doesn't have that `[SUCCESS=merge]` bit).

Generalize the regex instead so that we just take whatever the contents
of the conditional was and put it in there.

Fixes: coreos/fedora-coreos-tracker#1680
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2266344

(Upstreamed from https://src.fedoraproject.org/rpms/authselect/pull-request/22)
@jlebon jlebon mentioned this issue Feb 28, 2024
Merged
@cgwalters cgwalters mentioned this issue Feb 28, 2024
Merged
pbrezina pushed a commit to authselect/authselect that referenced this issue Feb 29, 2024
@jlebon @pbrezina
spec: strengthen altfiles sed invocation
3069935 
The regex that was given matched the `group` line but not the `passwd`
line (which doesn't have that `[SUCCESS=merge]` bit).

Generalize the regex instead so that we just take whatever the contents
of the conditional was and put it in there.

Fixes: coreos/fedora-coreos-tracker#1680
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2266344

(Upstreamed from https://src.fedoraproject.org/rpms/authselect/pull-request/22)
cgwalters added a commit to cgwalters/bootc that referenced this issue Mar 6, 2024
@cgwalters
ci: Pin eln image
3789fb2 
Until the fix for coreos/fedora-coreos-tracker#1680
finally propagates.

Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters cgwalters mentioned this issue Mar 6, 2024
Merged
cgwalters added a commit to cgwalters/bootc that referenced this issue Mar 7, 2024
@cgwalters
ci: Pin eln image
2c0d974 
Until the fix for coreos/fedora-coreos-tracker#1680
finally propagates.

Signed-off-by: Colin Walters <walters@verbum.org>
@dustymabe
Copy link
Member

xref the BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2266344

@dustymabe
Copy link
Member

I think we can unpin this now since https://bodhi.fedoraproject.org/updates/FEDORA-2024-bb02da5f27 is in rawhide.

dustymabe added a commit to dustymabe/fedora-coreos-config that referenced this issue Mar 15, 2024
@dustymabe
overrides: unpin authselect-1.5.0-3.fc40
07c0d3b 
The underlying issue should be fixed now. See:

- coreos/fedora-coreos-tracker#1680
- https://bugzilla.redhat.com/show_bug.cgi?id=2266344
dustymabe added a commit to dustymabe/fedora-coreos-config that referenced this issue Mar 16, 2024
@dustymabe
overrides: unpin authselect-1.5.0-3.fc40
c10e8d2 
The underlying issue should be fixed now. See:

- coreos/fedora-coreos-tracker#1680
- https://bugzilla.redhat.com/show_bug.cgi?id=2266344
dustymabe added a commit to coreos/fedora-coreos-config that referenced this issue Mar 16, 2024
@dustymabe
overrides: unpin authselect-1.5.0-3.fc40
5c5017a 
The underlying issue should be fixed now. See:

- coreos/fedora-coreos-tracker#1680
- https://bugzilla.redhat.com/show_bug.cgi?id=2266344
@dustymabe
Copy link
Member

dropped in coreos/fedora-coreos-config@5c5017a

@jlebon jlebon mentioned this issue Apr 17, 2024
Closed
lukewarmtemp pushed a commit to lukewarmtemp/bootc that referenced this issue May 8, 2024
@cgwalters @lukewarmtemp
ci: Pin eln image
613b6e5 
Until the fix for coreos/fedora-coreos-tracker#1680
finally propagates.

Signed-off-by: Colin Walters <walters@verbum.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

spec: strengthen altfiles sed invocation jlebon/authselect
3 participants
@jmarrero @dustymabe @jlebon