Bug 2113881
| Summary: | Failed to restart insights-client-results.service due to No GPG-verified eggs can be found | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Frank Liang <xiliang> |
| Component: | insights-client | Assignee: | Alba Hita <ahitacat> |
| Status: | CLOSED DUPLICATE | QA Contact: | mabezerr |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9.0 | CC: | cmarinea, fjansen, gchamoul, libhe, linl, mabezerr, miabbott, qzhang, stomsa, vkuznets, ymao, yuxisun |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | aarch64 | ||
| OS: | Linux | ||
| Whiteboard: | SCRUB_20220804 | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-31 14:59:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This might be related to SELinux; I saw the same failure and looked for SELinux denials:
```
$ sudo ausearch -m avc
...
time->Wed Aug 3 12:54:26 2022
type=PROCTITLE msg=audit(1659545666.063:270): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659545666.063:270): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=56378cb4f100 a2=0 a3=0 items=0 ppid=3864 pid=3868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659545666.063:270): avc: denied { read } for pid=3868 comm="gpg" name="pubring.kbx" dev="vda4" ino=33614261 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Wed Aug 3 12:54:26 2022
type=PROCTITLE msg=audit(1659545666.063:271): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659545666.063:271): arch=c000003e syscall=21 success=no exit=-13 a0=56378cb4f100 a1=4 a2=1 a3=0 items=0 ppid=3864 pid=3868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659545666.063:271): avc: denied { read } for pid=3868 comm="gpg" name="pubring.kbx" dev="vda4" ino=33614261 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Wed Aug 3 12:54:26 2022
type=PROCTITLE msg=audit(1659545666.076:272): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659545666.076:272): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=56378cb78c60 a2=7ffee3e64210 a3=0 items=0 ppid=3864 pid=3868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659545666.076:272): avc: denied { getattr } for pid=3868 comm="gpg" path="/var/roothome/.gnupg/trustdb.gpg" dev="vda4" ino=33614263 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Wed Aug 3 12:54:26 2022
type=PROCTITLE msg=audit(1659545666.076:273): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659545666.076:273): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=56378cb79830 a2=c1 a3=1a4 items=0 ppid=3864 pid=3868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659545666.076:273): avc: denied { write } for pid=3868 comm="gpg" name=".gnupg" dev="vda4" ino=33614259 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir permissive=0
```
If so, this might be a duplicate of BZ#2077777
Thanks, Micah
You are correct, seems it is a dup.
[root@ip-10-116-2-121 rhsm]# systemctl status insights-client-results.service
× insights-client-results.service - Check for insights from Red Hat Cloud Services
Loaded: loaded (/usr/lib/systemd/system/insights-client-results.service; static)
Active: failed (Result: exit-code) since Thu 2022-08-04 01:27:32 UTC; 51min ago
TriggeredBy: ● insights-client-results.path
Docs: man:insights-client(8)
Process: 2496 ExecStart=/usr/bin/insights-client --check-results (code=exited, status=1/FAILURE)
Main PID: 2496 (code=exited, status=1/FAILURE)
CPU: 59ms
Aug 04 01:27:32 ip-10-116-2-121.us-west-2.compute.internal systemd[1]: Starting Check for insights from Red Hat Cloud Services...
Aug 04 01:27:32 ip-10-116-2-121.us-west-2.compute.internal insights-client[2496]: No GPG-verified eggs can be found
Aug 04 01:27:32 ip-10-116-2-121.us-west-2.compute.internal systemd[1]: insights-client-results.service: Main process exited, code=exited, status=1/F>
Aug 04 01:27:32 ip-10-116-2-121.us-west-2.compute.internal systemd[1]: insights-client-results.service: Failed with result 'exit-code'.
Aug 04 01:27:32 ip-10-116-2-121.us-west-2.compute.internal systemd[1]: Failed to start Check for insights from Red Hat Cloud Services.
[root@ip-10-116-2-121 rhsm]# ausearch -m avc
----
time->Thu Aug 4 01:27:32 2022
type=PROCTITLE msg=audit(1659576452.405:208): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659576452.405:208): arch=c00000b7 syscall=56 success=no exit=-13 a0=ffffffffffffff9c a1=aaaaffec9a90 a2=0 a3=0 items=0 ppid=2496 pid=2497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659576452.405:208): avc: denied { read } for pid=2497 comm="gpg" name="pubring.kbx" dev="nvme0n1p3" ino=616581 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
----
time->Thu Aug 4 01:27:32 2022
type=PROCTITLE msg=audit(1659576452.405:209): proctitle=2F7573722F62696E2F677067002D2D766572696679002D2D6B657972696E67002F6574632F696E7369676874732D636C69656E742F726564686174746F6F6C732E7075622E677067002F6574632F696E7369676874732D636C69656E742F72706D2E6567672E617363002F6574632F696E7369676874732D636C69656E742F72
type=SYSCALL msg=audit(1659576452.405:209): arch=c00000b7 syscall=48 success=no exit=-13 a0=ffffffffffffff9c a1=aaaaffec9a90 a2=4 a3=ffffa2d10b28 items=0 ppid=2496 pid=2497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gpg" exe="/usr/bin/gpg" subj=system_u:system_r:insights_client_t:s0 key=(null)
type=AVC msg=audit(1659576452.405:209): avc: denied { read } for pid=2497 comm="gpg" name="pubring.kbx" dev="nvme0n1p3" ino=616581 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
*** This bug has been marked as a duplicate of bug 2077777 *** |
Description of problem: After registered insights-client successfully, it can check and show insights result normally, but found below fail when restart insights-client-results.service. [root@ip-10-116-2-151 rhsm]# insights-client --check-results [root@ip-10-116-2-151 rhsm]# insights-client --show-results [] [root@ip-10-116-2-151 rhsm]# uname -r 5.14.0-70.17.1.el9_0.aarch64 [root@ip-10-116-2-151 rhsm]# rpm -q insights-client insights-client-3.1.7-6.el9_0.noarch # systemctl status insights-client-results.service × insights-client-results.service - Check for insights from Red Hat Cloud Services Loaded: loaded (/usr/lib/systemd/system/insights-client-results.service; static) Active: failed (Result: exit-code) since Tue 2022-08-02 07:08:01 UTC; 1h 27min ago TriggeredBy: ● insights-client-results.path Docs: man:insights-client(8) Process: 1356 ExecStart=/usr/bin/insights-client --check-results (code=exited, status=1/FAILURE) Main PID: 1356 (code=exited, status=1/FAILURE) CPU: 72ms Aug 02 07:08:01 ip-10-116-2-151.us-west-2.compute.internal systemd[1]: Starting Check for insights from Red Hat Cloud Services... Aug 02 07:08:01 ip-10-116-2-151.us-west-2.compute.internal insights-client[1356]: No GPG-verified eggs can be found Aug 02 07:08:01 ip-10-116-2-151.us-west-2.compute.internal systemd[1]: insights-client-results.service: Main process exited, code=exited, status=1/FAILURE Aug 02 07:08:01 ip-10-116-2-151.us-west-2.compute.internal systemd[1]: insights-client-results.service: Failed with result 'exit-code'. Aug 02 07:08:01 ip-10-116-2-151.us-west-2.compute.internal systemd[1]: Failed to start Check for insights from Red Hat Cloud Services. [root@ip-10-116-2-151 rhsm]# insights-client --status System is registered locally via .registered file. Registered at 2022-08-02T06:44:43.455543 Insights API confirms registration. # subscription-manager status +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Disabled Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status. System Purpose Status: Disabled RHEL Version: RHEL-9.0(5.14.0-70.17.1.el9_0) How reproducible: 100% Steps to Reproduce: 1. Boot RHEL-8.6 or RHEL-9.0 instance 2. Wait for rhsm auto registered 3. resister insights-client # insights-client --register # systemctl restart insights-client-results.service # systemctl status insights-client-results.service Actual results: insights-client-results.service failed Expected results: Below is RHEL-8.5 result: [root@ip-10-116-2-112 rhsm]# rpm -q insights-client insights-client-3.1.7-1.el8_5.noarch [root@ip-10-116-2-112 rhsm]# systemctl restart insights-client-results.service [root@ip-10-116-2-112 rhsm]# systemctl status insights-client-results.service ● insights-client-results.service - Check for insights from Red Hat Cloud Services Loaded: loaded (/usr/lib/systemd/system/insights-client-results.service; static; vendor preset: disabled) Active: inactive (dead) since Tue 2022-08-02 08:43:56 UTC; 3s ago Docs: man:insights-client(8) Process: 3033 ExecStart=/usr/bin/insights-client --check-results (code=exited, status=0/SUCCESS) Main PID: 3033 (code=exited, status=0/SUCCESS) Aug 02 08:43:52 ip-10-116-2-112.us-west-2.compute.internal systemd[1]: Starting Check for insights from Red Hat Cloud Services... Aug 02 08:43:56 ip-10-116-2-112.us-west-2.compute.internal systemd[1]: insights-client-results.service: Succeeded. Aug 02 08:43:56 ip-10-116-2-112.us-west-2.compute.internal systemd[1]: Started Check for insights from Red Hat Cloud Services. Additional info: - Same fail in RHEL-8.6 - No such fail in RHEL-8.5