Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

images: fix centos-10 #6378

Merged
merged 5 commits into from
May 22, 2024
Merged

images: fix centos-10 #6378

merged 5 commits into from
May 22, 2024

Conversation

allisonkarlitskaya
Copy link
Member

@allisonkarlitskaya allisonkarlitskaya commented May 14, 2024
edited by cockpituous

Fixes #6376

  • image-refresh centos-10

@cockpituous cockpituous changed the title images: don't install dhcp-client on RHEL 10 WIP: 5f0e8d03904a: [no-test] images: don't install dhcp-client on RHEL 10 May 14, 2024
@cockpituous
Copy link
Contributor

image-refresh centos-10 done: https://github.com/cockpit-project/bots/commits/image-refresh-centos-10-20240514-041151

@cockpituous cockpituous changed the title WIP: 5f0e8d03904a: [no-test] images: don't install dhcp-client on RHEL 10 images: don't install dhcp-client on RHEL 10 May 14, 2024
@cockpituous
Copy link
Contributor

Success. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-centos-10-fdf4c864-20240514-035722/log.html

@jelly jelly marked this pull request as ready for review May 14, 2024 12:21
@jelly
Copy link
Member

jelly commented May 14, 2024
edited

SELinux failure galore:


audit: type=1400 audit(1715689616.964:4): avc:  denied  { map_read map_write } for  pid=488 comm="nfs-server-gene" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
audit: type=1400 audit(1715689616.993:5): avc:  denied  { map_read map_write } for  pid=501 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
audit: type=1400 audit(1715689617.016:6): avc:  denied  { map_read map_write } for  pid=498 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
audit: type=1400 audit(1715689617.031:7): avc:  denied  { map_read map_write } for  pid=496 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
audit: type=1400 audit(1715689617.055:8): avc:  denied  { map_read map_write } for  pid=504 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=

NBDE fails:

warning: Unexpected PackageKit error during installation of clevis-dracut: Error: Could not depsolve transaction; 1 problem detected:
 Problem: conflicting requests
  - nothing provides dracut-network needed by clevis-dracut-19-6.el10.x86_64 from updates

@allisonkarlitskaya
Copy link
Member Author

Lovely :(

Thanks for the cherry-pick.

@allisonkarlitskaya allisonkarlitskaya mentioned this pull request May 17, 2024
Closed
1 task
@martinpitt martinpitt mentioned this pull request May 21, 2024
Merged
2 tasks
@martinpitt martinpitt changed the title images: don't install dhcp-client on RHEL 10 images: fix centos-10 May 22, 2024
@martinpitt martinpitt marked this pull request as draft May 22, 2024 05:07
@cockpituous cockpituous changed the title images: fix centos-10 WIP: bf66cc853026: [no-test] images: fix centos-10 May 22, 2024
@martinpitt
Copy link
Member

I have some more fixes queued. I also want a fresh build to pick up kdumpctl.

@martinpitt martinpitt changed the title WIP: bf66cc853026: [no-test] images: fix centos-10 images: fix centos-10 May 22, 2024
@martinpitt martinpitt added bot and removed bot labels May 22, 2024
@cockpituous cockpituous changed the title images: fix centos-10 WIP: 89d6f40dd1ae: [no-test] images: fix centos-10 May 22, 2024
@cockpituous cockpituous changed the title WIP: 89d6f40dd1ae: [no-test] images: fix centos-10 images: fix centos-10 May 22, 2024
@cockpituous
Copy link
Contributor

Failed. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-centos-10-9dcd959e-20240522-051044/log.html

@cockpituous cockpituous changed the title images: fix centos-10 WIP: 23bf511df1af: [no-test] images: fix centos-10 May 22, 2024
@cockpituous cockpituous changed the title WIP: 23bf511df1af: [no-test] images: fix centos-10 images: fix centos-10 May 22, 2024
@cockpituous
Copy link
Contributor

Failed. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-centos-10-9dcd959e-20240522-052626/log.html

@martinpitt
Copy link
Member

That failure reproduces. After installing packages, /etc/resolv.conf is a broken symlink. systemctl start systemd-resolved fixes it.

I noticed that during my initial experiments and thought it was a glitch, but it's systematic. Our initial image doesn't have systemd-resolved installed. But installing wireguard-tools pulls in systemd-resolved as a dependency, and its rpm script changes /etc/resolv.conf.

So: installing wireguard-tools breaks DNS, because installing systemd-resolved changes the symlink but doesn't start the service. I filed that as https://issues.redhat.com/browse/RHEL-37686 and will add a workaround.

@cockpituous cockpituous changed the title images: fix centos-10 WIP: 10f543a142b1: [no-test] images: fix centos-10 May 22, 2024
@cockpituous
Copy link
Contributor

image-refresh centos-10 done: https://github.com/cockpit-project/bots/commits/image-refresh-centos-10-20240522-073543

@cockpituous
Copy link
Contributor

Success. Log: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh-centos-10-7c27fdc5-20240522-072129/log.html

@cockpituous cockpituous changed the title WIP: 10f543a142b1: [no-test] images: fix centos-10 images: fix centos-10 May 22, 2024
Cockpituous and others added 2 commits May 22, 2024 09:48
@martinpitt
images: Update centos-10 image
b08a260
@martinpitt
machine_core: Ignore systemd generator SELinux noise in CentOS 10
e9b5147 
Same as https://bugzilla.redhat.com/show_bug.cgi?id=2250930 in Fedora,
but tracked in https://issues.redhat.com/browse/RHEL-37631

centos-10 has working `ausearch`, so this also needs to ignore its
output. So the patterns are a bit more complex.
@martinpitt
Copy link
Member

SELinux issues are https://issues.redhat.com/browse/RHEL-37631 , added ignore.

@martinpitt martinpitt mentioned this pull request May 22, 2024
Merged
@martinpitt martinpitt marked this pull request as ready for review May 22, 2024 09:29
@martinpitt martinpitt requested review from jelly and mvollmer May 22, 2024 09:29
@martinpitt
Copy link
Member

Green now! It's @allisonkarlitskaya 's PR, so she can't formally review. But I'm good with the dhcp-change, and someone else needs to review my changes.

allisonkarlitskaya
allisonkarlitskaya commented May 22, 2024
View reviewed changes
Copy link
Member Author

@allisonkarlitskaya allisonkarlitskaya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✔️ 👍 (if I could).

@martinpitt martinpitt merged commit 2029ce3 into main May 22, 2024
10 checks passed
@martinpitt martinpitt deleted the centos-refresh branch May 22, 2024 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martinpitt martinpitt martinpitt approved these changes

@jelly jelly Awaiting requested review from jelly

@mvollmer mvollmer Awaiting requested review from mvollmer

Assignees
No one assigned
Labels
bot
Projects
Pilot tasks
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Image refresh for centos-10
4 participants
@allisonkarlitskaya @cockpituous @jelly @martinpitt