Bug 220124

Summary: LSPP: Cannot log into the system after a kickstart install
Product: Red Hat Enterprise Linux 5 Reporter: Kylene J Hall <kylene>
Component: basesystemAssignee: Phil Knirsch <pknirsch>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 5.0CC: iboverma, kweidner, linda.knippers, rvokal, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: s390x   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-19 19:38:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Kickstart used to create the issue. none

Description Kylene J Hall 2006-12-19 00:21:21 UTC 
Description of problem:
Unable to login to the system after installing with Klaus's lspp kickstart file.
 The error is (via the x3270 console): 
Cannot make/remove an entry for the specified session 
Via ssh it just looks like you are entering the wrong password as you are
prompted 3 times and then the session terminates.
I have tried the install 3 times with the same result each time.

Version-Release number of selected component (if applicable):
The attempted install is of snapshot 3 from 12/7

How reproducible:
Everytime I install.  Attempted install as root and as a user.

Steps to Reproduce:
1. Install with attached kickstart
2. Attempt to login to the system after reboot
  
Actual results:
Login denied with the following msg:
Cannot make/remove an entry for the specified session  

Expected results:
Able to login to the system.

Additional info:
The last time I installed I double checked in another window that the issue
wasn't a full disk.  Here were the results just before rebooting:
sh-3.1# df -h
Filesystem                Size      Used Available Use% Mounted on
none                    249.7M      4.0k    249.7M   0% /dev
/tmp/loop0               37.6M     37.6M         0 100% /mnt/runtime
/dev/VolGroup01/LvRoot      1.8G      1.1G    580.9M  66% /mnt/sysimage

Also I reset the audit policy so that all full disk actions, etc are ignored
(since I am working with very limited space):
num_logs = 4
dispatcher = /sbin/audispd
DISP_qos = lossy
max_log_file = 8
max_log_file_action = KEEP_LOGS
space_left = 75
space_left_action = IGNORE
action_mail_acct = root
admin_space_left = 50

# Configure how the system will treat disk space exhaustion.
# The action "SUSPEND" discards audit records if space is exhausted.
# The fail-safe setting is to switch to single-user mode.

#admin_space_left_action = SUSPEND
admin_space_left_action = IGNORE

#disk_full_action = SUSPEND
disk_full_action = IGNORE

#disk_error_action = SUSPEND
disk_error_action = IGNORE
Comment 1 Kylene J Hall 2006-12-19 00:21:21 UTC 
Created attachment 143969 [details]
Kickstart used to create the issue.
Comment 2 Kylene J Hall 2006-12-19 02:37:15 UTC 
FYI: I tried an install again with Klaus's latest release of the lspp rpm.  This
time I noticed that the kickstart attempts to make sure that the service
irqbalance will be running in runlevel 3 however no such service exists.  On
other platforms this is a part of the irqbalance package which does not exist
for this build of s390x I don't know if that is intentional or not, and if not
intentional if it could be affecting this but thought I would add the information.
Comment 3 Kylene J Hall 2006-12-19 02:39:17 UTC 
Requested info from Klaus: this affects both console (x3270) and ssh login.  I
cannot post the contents of any avc messages or logs because I have no way to
log into the machine at all.
Comment 4 Kylene J Hall 2006-12-19 04:38:01 UTC 
Sorry I forgot to mention, this also does not work with enforcing=0
Comment 5 Steve Grubb 2006-12-19 14:31:03 UTC 
You might need to start the machine in single user mode to get to the logs. We
need to see the logs to figure out the problem. To start in single user, when
the grub menu comes up, press "e" to edit, go to the kernel line and press "e"
again, add a "S" to the end of the line, press "enter", then type "b" to boot.
Comment 6 Klaus Weidner 2006-12-19 18:31:11 UTC 
Unfortunately the s390/Series Z machines use the "zipl" boot loader which (last
time I used it) did not support any mechanism at all to supply arguments at boot
time :-(

I've asked Kylie to edit /etc/selinux/config from a rescue Linux system, or in a
shell escape during the postinstall phase of the installation, and to try
removing polyinstantiation and the require_auditd"loginuid option in the
/etc/pam.d/* entries. Since she's out today, I'll see if I can access the machine.
Comment 7 Klaus Weidner 2006-12-19 19:22:55 UTC 
I found the problem, the system had pam-0.99.6.2-3.5.el5 installed (from the
latest RHEL5 snapshot), but the current kickstart script requires a newer PAM
library that supports the "level" keyword in /etc/security/namespace.conf. (This
is documented as a prerequisite for the ks script.)

From /var/log/secure :
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Parsing config file
/etc/security/namespace.conf  
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Illegal method  
Dec 19 13:03:36 rheal3a login: pam_namespace(login:session): Error processing
conf file line /tmp  
Dec 19 13:03:36 rheal3a login: Cannot make/remove an entry for the specified
session  

Please close the bug, the login failure was due to the incompatible packages.
Comment 8 Steve Grubb 2006-12-19 19:38:34 UTC 
Closing bug as requested.