#7906 ipa-kra-install fails due to fs.protected_regular=1
Closed: fixed 2 years ago by rcritten. Opened 2 years ago by fcami.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1698384

ipa-kra-install fails on f30+:

2019-04-09T22:15:46Z DEBUG   [3/11]: configuring KRA instance
2019-04-09T22:15:46Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
605, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
591, in run_step
    method()
  File "/usr/lib/python3.7/site-packages/ipaserver/install/krainstance.py",
line 292, in __spawn_instance
    with open(cfg_file, "w") as f:
PermissionError: [Errno 13] Permission denied: '/tmp/tmpm1rqniqo'

2019-04-09T22:15:46Z DEBUG   [error] PermissionError: [Errno 13] Permission
denied: '/tmp/tmpm1rqniqo'
2019-04-09T22:15:46Z DEBUG Removing /var/lib/ipa/tmp-gt08zqc7
2019-04-09T22:15:46Z DEBUG Removing /root/.dogtag/pki-tomcat/kra
2019-04-09T22:15:46Z DEBUG   File
"/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute
    return_value = self.run()
  File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 347,
in run
    return cfgr.run()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360,
in run
    return self.execute()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386,
in execute
    for rval in self._executor():
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
    step()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655,
in _configure
    next(executor)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431,
in __runner
    exc_handler(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421,
in __runner
    step()
  File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418,
in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65,
in _install
    for unused in self._installer(self.parent):
  File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py",
line 583, in main
    replica_install(self)
  File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 400, in decorated
    func(installer)
  File
"/usr/lib/python3.7/site-packages/ipaserver/install/server/replicainstall.py",
line 1274, in install
    kra.install(api, config, options, custodia=custodia)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/kra.py", line 94, in
install
    promote=promote)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/krainstance.py",
line 142, in configure_instance
    self.start_creation(runtime=120)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
605, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
591, in run_step
    method()
  File "/usr/lib/python3.7/site-packages/ipaserver/install/krainstance.py",
line 292, in __spawn_instance
    with open(cfg_file, "w") as f:

This is because the temp (/tmp) configuration file is first chowned to a
non-root account and then opened rw by root.

This is related to https://bugzilla.redhat.com/show_bug.cgi?id=1677027


Metadata Update from @fcami:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1698384

2 years ago

master:

  • cf42dc1 ipaserver/install/krainstance.py: chown after write

ipa-4-7:

  • a0973db ipaserver/install/krainstance.py: chown after write
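
The failure mode described in the ticket, as an added example (not FreeIPA's own code): a model of the kernel's fs.protected_regular decision for an O_CREAT open of an existing file, which is what Python's open(path, "w") performs, plus the write-then-chown ordering named in the fix commits. All function names are hypothetical.

```python
import os
import stat
import tempfile


def protected_regular_denies(file_mode, file_uid, dir_mode, dir_uid,
                             opener_uid, level):
    """Model of the fs.protected_regular check for open(..., O_CREAT) on an
    existing file. True means the open fails with EACCES, root included."""
    if level < 1 or not stat.S_ISREG(file_mode):
        return False
    if not dir_mode & stat.S_ISVTX:          # only sticky directories
        return False
    if file_uid in (dir_uid, opener_uid):    # opener or directory owner owns it
        return False
    if dir_mode & stat.S_IWOTH:              # world-writable, e.g. /tmp
        return True
    return level >= 2 and bool(dir_mode & stat.S_IWGRP)


def check_path(path, opener_uid=None):
    """Apply the model to a real path using the running kernel's sysctl."""
    try:
        with open("/proc/sys/fs/protected_regular") as f:
            level = int(f.read())
    except (OSError, ValueError):
        level = 0                            # sysctl not present
    real = os.path.realpath(path)
    st = os.stat(real)
    d = os.stat(os.path.dirname(real))
    # The kernel compares the fsuid; the effective uid is used here.
    uid = os.geteuid() if opener_uid is None else opener_uid
    return protected_regular_denies(st.st_mode, st.st_uid,
                                    d.st_mode, d.st_uid, uid, level)


def write_then_chown(text, uid, gid, directory=None):
    """Write while still the owner, hand the file over last."""
    fd, path = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:            # reuse mkstemp's fd, no second open()
        f.write(text)
    os.chown(path, uid, gid)
    return path
```
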

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 years ago
