ClusterLabs / resource-agents

Combined repository of OCF agents from the RHCS and Linux-HA projects
GNU General Public License v2.0

postfix: Update permission check from su to runuser/su #1880

Closed Tnthr closed 1 year ago

Tnthr commented 1 year ago

In the postfix resource agent, changed the check for a writable config directory to use sudo rather than su. Using su is prone to authentication failures while sudo works well.

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/1/input

oalbrigt commented 1 year ago

su has been working fine for years in other agents. You might try adding the logic to use runuser for selinux though.

https://github.com/ClusterLabs/resource-agents/pull/633/files

Tnthr commented 1 year ago

It does look like runuser may be the more appropriate command. I can work on integrating something similar to #633 into this RA as well.

For further clarification, though: I had my postfix running well for about a year, but with a distro upgrade from Ubuntu 22.04 to 22.10 I started seeing the issues with postfix. I'm still looking around to see the exact cause, but it must be a default security setting that was changed with the new release. I don't have SELinux running either. I imagine as people eventually upgrade distro releases (assuming this might be an Ubuntu-specific change) they may begin to see the same issue.

With that in mind I will modify this to add a check for runuser and use sudo as a fallback.

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/2/input

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/3/input

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/4/input

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/5/input

Tnthr commented 1 year ago

Sorry for the clutter here. I'm still learning the finer details of git. Attempting to squash my three commits has now netted 6 commits. Anyway...

I changed the runuser check back to the -x as recommended, assuming most distros have the binary in the same folder or at least symlinked.
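
The check discussed in this thread, as an added example (not code from this PR or from the postfix agent): prefer runuser when an executable binary is found with `-x`, fall back to su, and test whether a directory is writable by a service user. The function names, the `/sbin/runuser` default path and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names, default path and return codes are assumptions.

# Print the first candidate that is an executable file, else fall back to "su".
pick_switch_cmd() {
    [ "$#" -gt 0 ] || set -- /sbin/runuser   # assumed default location
    for candidate in "$@"; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    printf 'su\n'
}

# Return 0 if user $1 can write to directory $2, 1 if not,
# 2 for an unusable path, 3 if we cannot switch users without a prompt.
dir_writable_as() {
    user=$1
    dir=$2
    [ -d "$dir" ] || return 2
    # The path is embedded in single quotes below, so refuse any path
    # containing one rather than let it be parsed as shell code.
    case $dir in *"'"*) return 2 ;; esac
    # Already the target user: no identity switch needed.
    if [ "$(id -un 2>/dev/null)" = "$user" ]; then
        if [ -w "$dir" ]; then return 0; else return 1; fi
    fi
    # A non-root caller would be asked for a password; fail fast instead.
    [ "$(id -u)" -eq 0 ] || return 3
    switch=$(pick_switch_cmd)
    if "$switch" -s /bin/sh -c "test -w '$dir'" "$user"; then
        return 0
    fi
    return 1
}
```

Checking for a regular file as well as `-x` matters because a directory also passes `-x`; the non-root guard keeps a monitor action from blocking on a password prompt.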

oalbrigt commented 1 year ago

No worries about the clutter. People make mistakes, and additional mistakes are expected for people who are new to git 😄

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/6/input

knet-jenkins[bot] commented 1 year ago

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/7/input

oalbrigt commented 1 year ago

Thanks.