search

quattor / configuration-modules-core

Node Configuration Manager Components for Everyone
www.quattor.org
Other
7 stars 56 forks source link

ncm-ssh: Invalid configuration file: /dev/stdin #1074

Open nowack73 opened 7 years ago

nowack73 commented 7 years ago

Running ncm-ssh (version 17.2) on SL7.3 in a non-interactive mode (i.e. started by ncm-cdispd) results in an error:

2017/03/15-13:54:52 -----------------------------------------------------------
2017/03/15-13:54:52 [ERROR] Invalid configuration file: /dev/stdin: Permission denied

2017/03/15-13:54:52 [INFO] configure on component ssh executed, 1 errors, 0 warnings

If I run ncm-ncd --configure ssh interactively in shell, ncm-ssh succeeds:

2017/03/15-13:56:59 -----------------------------------------------------------
2017/03/15-13:56:59 [INFO] configure on component ssh executed, 0 errors, 0 warnings
jrha commented 7 years ago

I believe this is related to which selinux context the component runs in (we also see this error).

nowack73 commented 7 years ago

Thanks, for the hint. I set AII_OSINSTALL_SELINUX to 'disabled', but somehow selinux has been installed. With SL6, this was never a problem, but it seems to be a problem with SL7.

nowack73 commented 7 years ago

Does this mean that ncm-ssh is not compatible with selinux?

jrha commented 7 years ago

I hope not, I've been looking at this problem today as well (although mostly by trying to ensure selinux is disabled), but we do have use cases that require selinux.

stdweird commented 7 years ago

@nowack73 is there a -selinux in the kickstart file? AII_OSINSTALL_SELINUX disabled should not even install selinux (unless something else pulls it in).

nowack73 commented 7 years ago

Yes, the kickstart file contains:

selinux --disabled

and

%packages --ignoremissing
-selinux*

But in the ks-post-install phase, some dependencies seem to require selinux-policy and that creates a default /etc/selinux/config with SELINUX=enforcing.