Bug 1639203

Summary: pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su
Product: Red Hat OpenStack Reporter: Keigo Noha <knoha>
Component: openstack-tripleo-heat-templatesAssignee: Michele Baldessari <michele>
Status: CLOSED ERRATA QA Contact: pkomarov
Severity: medium Docs Contact:
Priority: medium    
Version: 13.0 (Queens)CC: amcleod, emacchi, joflynn, mburns, michele, pveiga, rmeillon
Target Milestone: z5Keywords: Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-8.0.7-27.el7ost puppet-tripleo-8.3.6-9.el7ost Doc Type: Bug Fix
Doc Text:
Previously, the rabbitmq pacemaker bundle logged excessively during normal operation. With this update, the rabbitmq bundle no longer logs excessively. In particular, the rabbitmq bundle does not log the harmless error `Failed to connect to system bus: No such file or directory`.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-14 13:54:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Keigo Noha 2018-10-15 09:43:54 UTC 
Description of problem:
pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su

~~~
su:pam_systemd(su:session): Failed to connect to system bus: No such file or 
directory
~~~

This behavior causes too many logs into /var/log/secure of the nodes.
It makes /var/log/secure hard to read.

Version-Release number of selected component (if applicable):
Current RHOSP13.

How reproducible:
Always

Steps to Reproduce:
1. Deploy Overcloud in RHOSP13.
2. Check overcloud node's /var/log/secure.
3.

Actual results:
The process inside containers which run su command generates the pam_systemd error.

Expected results:
The error messages aren't written to /var/log/secure in overcloud nodes.

Additional info:
pam_systemd is optional in su file of PAM. It requires to communicate system bug(dbus). However container doesn't mount host's /var/run/dbus directory to it.
In container, as far as I check, we don't use systemctl command to launch services.
So, I think we have 2 options.
1. Mount /var/run/dbus directory to avoid the error log by T-H-T.
2. Modify su file to not include pam_systemd in container image by openstack-container component.


At first,
Comment 1 Keigo Noha 2018-10-15 09:44:37 UTC 
Sorry, I posted the unfinished description. 
At first, I'd like to hear T-H-T side's opinion
Comment 8 Keigo Noha 2018-12-13 08:16:38 UTC 
Hello Michele,

Thank you for your work on this bugzilla.
If I understand proposed patches correctly, upstream gerrit doesn't handle the message, 'su:pam_systemd(su:session): Failed to connect to system bus: No such file or directory'.
If you have any room to take look into it, could you check it and proceed the work?

Best Regards,
Keigo Noha
Comment 9 Michele Baldessari 2018-12-13 09:12:10 UTC 
That is not what I wrote in the upstream bug. I now updated it.
Comment 10 Keigo Noha 2018-12-25 00:18:58 UTC 
Hello Michele,

Thank you for your work on this bugzilla.

In upstream, the gerrit focuses on rabbitmq side. However, the same su error messages are shown in cron container or other su operation included container.

Is it possible to make the modification for rabbitmq as default for all containers?

Best Regards,
Keigo Noha
Comment 11 Michele Baldessari 2019-01-09 10:35:25 UTC 
(In reply to Keigo Noha from comment #10)
> Hello Michele,
> 
> Thank you for your work on this bugzilla.
> 
> In upstream, the gerrit focuses on rabbitmq side. However, the same su error
> messages are shown in cron container or other su operation included
> container.
> 
> Is it possible to make the modification for rabbitmq as default for all
> containers?

Hi Keigo,

do you have some examples about this I can look at?
I did a quick grep on my osp13 env and did not see anything relevant

thanks,
Michele
Comment 12 Keigo Noha 2019-01-15 01:02:08 UTC 
Hi Michele,

Thank you for your update on this bugzilla.
I checked my environment again and I found that rabbitmq container is the only affected contain by this issue.
Initially, I thought crond was affected. However the crond's message was generated at host side, not in container side.
I apologize to it. So, we need to  fix this issue in rabbitmq side only.

Best Regards,
Keigo Noha
Comment 33 errata-xmlrpc 2019-03-14 13:54:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448