Closed Tnthr closed 1 year ago
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/1/input
su has been working fine for years in other agents. You might try adding the logic to use runuser for selinux though.
https://github.com/ClusterLabs/resource-agents/pull/633/files
It does look like runuser may be the more appropriate command. I can work on integrating something similar to #633 into this RA as well.
For further clarification though. I had my postfix running well for about a year but with a distro upgrade from Ubuntu 22.04 to 22.10 I started seeing the issues with postfix. I'm still looking around to see the exact cause but it must be a default security setting that was changed with the new release. I don't have SELinux running either. I imagine as people eventually upgrade distro releases (assuming this might be a Ubuntu specific change) they may begin to see the same issue.
With that in mind I will modify this to add a check for runuser and use sudo as a fallback.
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/2/input
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/3/input
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/4/input
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/5/input
Sorry for the clutter here. I'm still learning the finer details of git. Attempting to squash my three commits has now netted 6 commits. Anyway...
I changed the runuser check back to the -x as recommended assuming most distros have the binary in the same folder or at least symlinked.
No worries about the clutter. People make mistakes, and additional mistakes expected for people who are new to git 😄
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/6/input
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1880/7/input
Thanks.
In the postfix resource agent, changed the check for a writable config directory to use sudo rather than su. Using su is prone to authentication failures while sudo works well.