search

cockpit-project / cockpit-machines

Cockpit UI for virtual machines
GNU Lesser General Public License v2.1
262 stars 68 forks source link

Enable tests on CentOS 10 stream #1647

Closed martinpitt closed 2 months ago

martinpitt commented 2 months ago

:warning: While this does fix the "centos-10" test, I intend to keep this in the _manual testmap for the time being. C10S is still too broken. I just want an one-time fix for now, plus enable it in TF (which we can ignore), as we got asked to do a first release to C10.

martinpitt commented 2 months ago

first run shows quite a few known naughties, sent https://github.com/cockpit-project/bots/pull/6413

martinpitt commented 2 months ago

One remaining failure. Reproduces fine locally. This smells like a polkit message?

But it's actually related to SELinux - it passes with setenforce 0. Most likely one of these, I bet on the last one:

audit[18923]: AVC avc:  denied  { search } for  pid=18923 comm="rpc-virtproxyd" name="6928" dev="proc" ino=135827 scontext=system_u:system_r:virtproxyd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0 
audit[18923]: SYSCALL arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5568d4998380 a2=0 a3=0 items=0 ppid=1 pid=18923 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpc-virtproxyd" exe="/usr/sbin/virtproxyd" subj=system_u:system_r:virtproxyd_t:s0 key=(null) 
audit: PROCTITLE proctitle=2F7573722F7362696E2F7669727470726F787964002D2D74696D656F757400313230 
virtproxyd[18923]: internal error: Cannot find start time for pid 6928 
virtproxyd[18923]: End of file while reading data: Input/output error

Reproduces well with stopping virtqemud and opening the Machines page.

# systemctl stop virtqemud virtqemud{,-ro,-admin}.socket
# busctl call org.libvirt /org/libvirt/QEMU/domain org.libvirt.Domain GetHostname u 0
Call failed: internal error: Cannot find start time for pid 5017

https://github.com/cockpit-project/bots/pull/6415

martinpitt commented 2 months ago

There's also a (different!) failure on TF -- surprisingly, the HTML dump does offer "iscsi-direct", which doesn't seem to be the case on our image? Todo..

martinpitt commented 2 months ago

TestMultiMachineVNC reproduces locally. The machine is dead, you can't even login on the VT console (let alone cockpit or ssh).

When following the console interactively, I see hundreds of setroubleshoot processes and qemu-kvm processes, and they eventually fill up CPU and RAM and cause the machine to crash:

%Cpu(s): 48.8 us,  1.7 sy, 48.8 ni,  0.0 id,  0.0 wa,  0.7 hi,  0.0 si,  0.0 st 
MiB Mem : 98.2/599.7
MiB Swap:  0.0/0.0

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                
   3163 qemu      20   0  903436 208000   4060 S  50.2  33.9   0:06.38 qemu-kvm                                                                                               
   3100 setroub+  25   5  610800  83388   7428 S  47.5  13.6   0:07.26 setroubleshootd

This happens even with setenforce 0, as setroubleshoot still runs.