Bug 1262959
| Summary: | virt-builder/virt-customize set password does not work | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Darius Clark <darius.clark> | ||||||
| Component: | libguestfs | Assignee: | Richard W.M. Jones <rjones> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 7.1 | CC: | darius.clark, leiwang, linl, ptoscano, rjones, wshi, xchen | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | libguestfs-1.28.1-1.55.el7 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2016-11-03 17:55:08 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1288337, 1301891 | ||||||||
| Attachments: |
|
||||||||
Which version of Augeas is installed on the host? Might be bug 1145249. I am using what is provided in the repo which is 1.1.0.17.el7, but wouldnt it still work regardless since 1.28 works as well? The problem is these two lines in the trace: libguestfs: trace: aug_ls "/files/etc/shadow" ... libguestfs: trace: aug_ls = [] corresponding to this code: https://github.com/libguestfs/libguestfs/blob/1b4c1d74d36c942417ea946a561a1964b20a1191/customize/password.ml#L91-L117 As either /etc/shadow is really empty, or the Augeas shadow lens cannot read anything from the file, no passwords get changed. Suggest you look at the contents of /etc/shadow before & after the virt-customize command to see if it is empty before (or after) and if anything changed in the file. If /etc/shadow is not empty, then it must be a problem with Augeas, although I don't know exactly what. You can try aug-init and aug-ls commands from within guestfish. It is not empty (which is how I know nothing is being changed because the content remains the same). I have ran those in guestfish but aug-ls doesnt show anything. ><fs> aug-init / 0 ><fs> aug-ls /files/etc/shadow ><fs> aug-ls /etc/shadow ><fs> aug-close ><fs> aug-init / 1 ><fs> aug-ls /etc/shadow ><fs> aug-ls /files/etc/shadow ><fs> aug-close I dont really see much that could've changed between 1.28 and 1.30 that couldve broken this. Created attachment 1075242 [details]
Log of guestfish
aug-ls /files/etc/shadow should show something. If it doesn't that's an augeas problem of some sort. It turns out that augeas has been rebased in RHEL 7.2. I uploaded the new version to https://people.redhat.com/~rjones/libguestfs-RHEL-7.2-preview/ so see if that makes a difference. Ill update and let you know if it does I can confirm that guestfish now sees /files/etc/shadow and it is also providing the password to the file. Works for me with:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-libs-1.4.0-2.el7.x86_64
$ virt-builder ubuntu-14.04
$ guestfish -a ubuntu-14.04.img -i --ro
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: 'help' for help on commands
'man' to read the manual
'quit' to quit the shell
Operating system: Ubuntu 14.04 LTS
/dev/sda1 mounted on /
><fs> aug-init / 0
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/backup
/files/etc/shadow/bin
/files/etc/shadow/builder
/files/etc/shadow/daemon
/files/etc/shadow/games
/files/etc/shadow/gnats
/files/etc/shadow/irc
/files/etc/shadow/libuuid
/files/etc/shadow/list
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/man
/files/etc/shadow/messagebus
/files/etc/shadow/news
/files/etc/shadow/nobody
/files/etc/shadow/proxy
/files/etc/shadow/root
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/sys
/files/etc/shadow/syslog
/files/etc/shadow/uucp
/files/etc/shadow/www-data
I believe this bug is now fixed. I'm leaving it open so QA can check in the RHEL 7.3 timeframe. Verified with the packages:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-1.4.0-2.el7.x86_64
Verify steps:
# guestfish -a RHEL-Server-6.7-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/gopher
/files/etc/shadow/haldaemon
/files/etc/shadow/halt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/postfix
/files/etc/shadow/root
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/tcpdump
/files/etc/shadow/uucp
/files/etc/shadow/vcsa
So verified.
In RHEL7.3 with the packages:
libguestfs-1.32.5-6.el7.x86_64
Verify steps:
# guestfish -a RHEL-Server-7.2-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/chrony
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/halt
/files/etc/shadow/libstoragemgmt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nfsnobody
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/oprofile
/files/etc/shadow/pcp
/files/etc/shadow/polkitd
/files/etc/shadow/postfix
/files/etc/shadow/qemu
/files/etc/shadow/radvd
/files/etc/shadow/root
/files/etc/shadow/rpc
/files/etc/shadow/rpcuser
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sssd
/files/etc/shadow/sync
/files/etc/shadow/systemd-bus-proxy
/files/etc/shadow/systemd-network
/files/etc/shadow/tcpdump
/files/etc/shadow/tss
/files/etc/shadow/unbound
/files/etc/shadow/usbmuxd
Also works good.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2576.html |
Created attachment 1073392 [details] Provided log showing what is going on with virt-customize when trying to set a root password. Description of problem: When using virt-builder or virt-customize to set a password to any user, including root, it does not set a password, but not does give a error or a clear answer to why it does not touch/edit /etc/shadow. Version-Release number of selected component (if applicable): 1.30.2 How reproducible: 100% Steps to Reproduce: 1. run "virt-cat -a /path/to/image /etc/shadow" and note of the data it provides (including hash of the root user or any other user if youre changing those passwords) 2. run "virt-customize -a /path/to/image --root-password password:newpassword1" 3. run the first command and you will see the hash have not changed. Actual results: See attachment Additional info: I have tested 1.28 and have not had this issue but however on 1.30 this problem occurs. I am unsure about 1.29 or 1.31.