fedora-iot / zezere

Zezere is a provisioning service for Fedora IoT. It can be used for deploying Fedora IoT to devices without needing a physical console.
MIT License

`zezere_ignition` spamming the journal with audit messages #137

Open miabbott opened 8 months ago

miabbott commented 8 months ago

Describe the bug

After the install of Fedora IoT 39 and successful onboarding with Zezere, the journal (and console) have the same log message from zezere_ignition every 1-2 minutes.

Oct 27 10:58:06 localhost.localdomain systemd[1]: Starting zezere_ignition.service - Run Ignition for Zezere...
Oct 27 10:58:06 localhost.localdomain systemd[1]: zezere_ignition.service: Deactivated successfully.
Oct 27 10:58:06 localhost.localdomain systemd[1]: Finished zezere_ignition.service - Run Ignition for Zezere.
Oct 27 10:58:06 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zezere_ignition comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 27 10:58:06 localhost.localdomain kernel: audit: type=1130 audit(1698418686.447:307): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zezere_ignition comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 27 10:58:06 localhost.localdomain kernel: audit: type=1131 audit(1698418686.447:308): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zezere_ignition comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 27 10:58:06 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=zezere_ignition comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

To Reproduce

  1. Install Fedora IoT 39
  2. Onboard with zezere
  3. Observe the journal

Expected behavior

Less chatty messages from zezere

OS version:

$ rpm-ostree status -b
State: idle
BootedDeployment:
● fedora-iot:fedora/devel/x86_64/iot
                  Version: 39.20231026.0 (2023-10-26T12:27:40Z)
                   Commit: 0599c27fe88ed2aaeb8144c7b604aaa69e31a94cbc384c894e29b27a077bdb6a
             GPGSignature: Valid signature by E8F23996F23218640CB44CBE75CF5AC418B8E74C

Additional context

It looks like zezere_ignition.timer is configured to fire every 1 minute... this seems aggressive. Can we tune this?

$ systemctl cat zezere_ignition.timer 
# /usr/lib/systemd/system/zezere_ignition.timer
[Unit]
Description=Trigger Ignition for Zezere until it finishes

[Timer]
OnActiveSec=10sec
OnUnitActiveSec=1min

[Install]
WantedBy=timers.target

More broadly, do we need to keep checking provision.fedoraproject.org for new configs? I assumed the zezere step was a one-time thing.
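
One way to measure how often a unit is being restarted from journal text like the excerpt in the report above. This is an added example, not code from the reporter or the Zezere project; the function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
import statistics
from collections import defaultdict

# Matches kernel-forwarded audit records as they appear in the journal excerpt.
# The "audit[1]: SERVICE_START ..." lines describe the same events and are
# skipped, so each start is counted once.
AUDIT_RE = re.compile(
    r"audit: type=(?P<type>\d+) audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):"
    r".*?msg='unit=(?P<unit>\S+) "
)
SERVICE_START = "1130"  # audit record type for SERVICE_START (1131 is SERVICE_STOP)


def start_times(lines):
    """Return {unit: sorted epoch timestamps of its SERVICE_START records}."""
    starts = defaultdict(list)
    for line in lines:
        m = AUDIT_RE.search(line)
        if m and m.group("type") == SERVICE_START:
            starts[m.group("unit")].append(float(m.group("ts")))
    return {unit: sorted(ts) for unit, ts in starts.items()}


def chatty_units(lines, max_period=120.0, min_starts=3):
    """Return {unit: median seconds between starts} for units that restart often."""
    report = {}
    for unit, ts in start_times(lines).items():
        if len(ts) < min_starts:
            continue  # too few starts to call it periodic
        median_gap = statistics.median(b - a for a, b in zip(ts, ts[1:]))
        if median_gap <= max_period:
            report[unit] = median_gap
    return report


def _record(rtype, ts, serial, unit):
    # Constructed sample line, abbreviated from the journal format in the report.
    return (f"kernel: audit: type={rtype} audit({ts}:{serial}): pid=1 uid=0 "
            f"msg='unit={unit} comm=\"systemd\" res=success'")


# Constructed sample: only the first timestamp and serials 307/308 come from the report.
SAMPLE = [
    _record(1130, "1698418686.447", 307, "zezere_ignition"),
    _record(1131, "1698418686.447", 308, "zezere_ignition"),
    _record(1130, "1698418746.451", 315, "zezere_ignition"),
    _record(1130, "1698418806.449", 323, "zezere_ignition"),
    _record(1130, "1698418700.100", 310, "example_oneshot"),  # hypothetical unit
    "audit[1]: SERVICE_START pid=1 uid=0 msg='unit=zezere_ignition'",  # duplicate view
]
```

On the constructed sample, `chatty_units(SAMPLE)` reports only `zezere_ignition`, with a median gap of about 60 seconds, which matches the `OnUnitActiveSec=1min` setting shown in the timer unit.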

nullr0ute commented 8 months ago

I suspect it should be a one time or first boot or similar service. Also should this bug be moved to the zezere repo?