Installation of 6.18.0 debian package using chef on Ubuntu 16.04 fails

DataDog / datadog-agent

Main repository for Datadog Agent

https://docs.datadoghq.com/

Apache License 2.0

2.86k stars 1.2k forks source link

Installation of 6.18.0 debian package using chef on Ubuntu 16.04 fails #5124

Open uthark opened 4 years ago

uthark commented 4 years ago

Output of the info page (if this is a bug)

Loading SELinux policy module for system-probe.
dpkg: error processing package datadog-agent (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 datadog-agent
STDERR: W: --force-yes is deprecated, use one of the options starting with --allow instead.
E: Sub-process /usr/bin/dpkg returned an error code (1)
---- End output of apt-get -q -y --force-yes install datadog-agent=1:6.18.0-1 ----
Ran apt-get -q -y --force-yes install datadog-agent=1:6.18.0-1 returned 100
[2020-03-16T20:40:54+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Describe what happened:

Describe what you expected:

Steps to reproduce the issue:

Additional environment details (Operating System, Cloud provider, etc): Ubuntu 16.04 on AWS.

uthark commented 4 years ago

Upgrade from 6.17.1 also fails:

Enabling service datadog-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/datadog-agent.service to /lib/systemd/system/datadog-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/datadog-agent-process.service to /lib/systemd/system/datadog-agent-process.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/datadog-agent-trace.service to /lib/systemd/system/datadog-agent-trace.service.
Loading SELinux policy module for system-probe.
dpkg: error processing package datadog-agent (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 datadog-agent
E: Sub-process /usr/bin/dpkg returned an error code (1)

uthark commented 4 years ago

Post install fails.

when I try to do it locally:

semodule -v -i /etc/datadog-agent/selinux/system_probe_policy.pp
Attempting to install module '/etc/datadog-agent/selinux/system_probe_policy.pp':
Ok: return value of 0.
Committing changes:
libsepol.print_missing_requirements: system_probe_policy's global requirements were not met: type/attribute base_ro_file_type (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

uthark commented 4 years ago

cc @smo921

uthark commented 4 years ago

Fails on this line: https://github.com/DataDog/datadog-agent/blob/6.18.0/omnibus/package-scripts/agent/postinst#L97

KSerrania commented 4 years ago

Hey @uthark,

Thanks for reporting this issue! I can reproduce it and it seems that the SELinux policy we introduced in 6.18.0/7.18.0 is trying to use a type that isn't provided by Ubuntu 16.04 by default. We will start working on a bugfix right now.

In the meantime you can pin the Agent to the previous minor version 7.17.1.

uthark commented 4 years ago

@KSerrania yes, this is what we decided to do.

KSerrania commented 4 years ago

Hi @uthark,

Versions 6.18.1 and 7.18.1 of the Agent are out since last week, and should resolve your issue. I have been able to install 7.18.1 without any issue on an Ubuntu 16.04 host with SELinux enabled.

Could you please confirm that the new version fixes the issue in your environment?