Podman exec fails with unable to find user error

[DavidePrincipi]

The bug fix #6916 introduces a regression if a Subscription is active. The overnight automatic system update procedure restarts Redis and triggers the new overlay-cleanup script, which breaks some features of running applications. That script is designed to run only at boot, before applications are started.

As result podman exec invocations fail on containers with global USER option (e.g. openldap), or invoked with -u option.

Steps to reproduce

• Install and configure a OpenLDAP domain
• systemctl restart redis
• Go to the domain Settings

Expected behavior

Password policy card loads correctly.

Actual behavior

An error occurs. In the application log:

May 23 08:36:48 rl2 agent@openldap8[72028]: subprocess.CalledProcessError: Command '['podman', 'exec', 'openldap', 'ldapsearch', '-LLLo', 'ldif-wrap=no', '-b', 'cn=default,ou=PPolicy,dc=demo,dc=neth,dc=eu', '-s', 'base']' returned non-zero exit status 255.
May 23 08:36:48 rl2 agent@openldap8[72028]: task/module/openldap8/db0dd40f-81c7-4821-b22b-38b8ccdd72cd: action "get-password-policy" status is "aborted" (1) at step 50get_password_policy

Any podman exec invocation fails:

$ podman exec openldap id
Error: unable to find user ldap: no matching entries in passwd file

Components

• Core 2.8.0
• OpenLDAP 2.2.3

See also

• https://mattermost.nethesis.it/nethesis/pl/zo8ccm1mepnc3ygkw6aeo5hoee (PVT)

[DavidePrincipi]

In testing as Core 2.8.1-dev.5

[DavidePrincipi]

QA note

The bug fix does not restart services that are already broken for the bug: a complete node reboot or a manual service restart is needed for them. However since the overlay-cleanup needs to run at least once, a reboot is recommended to have the fix benefits.

[nrauso]

test case: VERIFIED

[DavidePrincipi]

Released https://github.com/NethServer/ns8-core/releases/tag/2.8.1