Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1214458

Summary: incorrect directory permissions - pxe install
Product: [Community] Spacewalk Reporter: Stephen Herr <sherr>
Component: ServerAssignee: Stephen Herr <sherr>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.3CC: cperry, jbuchta, jdobes, satqe-list, sherr, tbily, tspeetje, xdmoon
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: cobbler20-2.0.11-44 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1052857 Environment:
Last Closed: 2015-10-08 13:27:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1052857    
Bug Blocks: 465198, 924189, 1267654    

Description Stephen Herr 2015-04-22 18:26:01 UTC 
+++ This bug was initially created as a clone of Bug #1052857 +++

Description of problem:
Sometimes the newly created systems can not load their kernel per tftp with the message "permission denied"

Jan 13 14:31:36 orbit01 dhcpd: DHCPREQUEST for 10.184.68.151 (10.152.52.249) from 00:50:56:97:71:0c via 10.184.69.252
Jan 13 14:31:36 orbit01 dhcpd: DHCPACK on 10.184.68.151 to 00:50:56:97:71:0c via 10.184.69.252
Jan 13 14:31:36 orbit01 dhcpd: DHCPREQUEST for 10.184.68.151 (10.152.52.249) from 00:50:56:97:71:0c via 10.184.69.253
Jan 13 14:31:36 orbit01 dhcpd: DHCPACK on 10.184.68.151 to 00:50:56:97:71:0c via 10.184.69.253
Jan 13 14:31:36 orbit01 in.tftpd[12763]: RRQ from 10.184.68.151 filename pxelinux.0
Jan 13 14:31:36 orbit01 in.tftpd[12763]: tftp: client does not accept options
Jan 13 14:31:36 orbit01 in.tftpd[12764]: RRQ from 10.184.68.151 filename pxelinux.0
Jan 13 14:31:36 orbit01 in.tftpd[12765]: RRQ from 10.184.68.151 filename pxelinux.cfg/4217c312-d61f-ec64-6da2-ab6e8407b696
Jan 13 14:31:36 orbit01 in.tftpd[12765]: sending NAK (1, File not found) to 10.184.68.151
Jan 13 14:31:36 orbit01 in.tftpd[12766]: RRQ from 10.184.68.151 filename pxelinux.cfg/01-00-50-56-97-71-0c
Jan 13 14:31:36 orbit01 in.tftpd[12767]: RRQ from 10.184.68.151 filename /images/ks-rhel-x86_64-server-6-64/vmlinuz
Jan 13 14:31:36 orbit01 in.tftpd[12767]: sending NAK (0, Permission denied) to 10.184.68.151
Jan 13 14:31:36 orbit01 in.tftpd[12768]: RRQ from 10.184.68.151 filename /images/ks-rhel-x86_64-server-6-64/vmlinuz.cbt
Jan 13 14:31:36 orbit01 in.tftpd[12768]: sending NAK (0, Permission denied) to 10.184.68.151
Jan 13 14:31:36 orbit01 in.tftpd[12769]: RRQ from 10.184.68.151 filename /images/ks-rhel-x86_64-server-6-64/vmlinuz.0
Jan 13 14:31:36 orbit01 in.tftpd[12769]: sending NAK (0, Permission denied) to 10.184.68.151
...

no more installation will work until the cobbler is restarted manually. 



Version-Release number of selected component (if applicable):
cobbler-2.0.7-26.1.el6sat.noarch

How reproducible:


Steps to Reproduce:
see additional info

Actual results:
incorrect permissions on directory leading to permission denied to pxe boot machine

Expected results:
machine boots from pxe correctly

Additional info:

the permissions of directories with strange permissions: "d-w---x---"



Cedric Parent from RedHat was onsite and probably found the cause of this error:

>> Concerning the issue with cobbler we had yesterday, this is (I think)
>> where the problem come from:
>>
>>      def last_modified_time(self):
>>          """
>>          Returns the time of the last modification to cobbler, made by any
>>          API instance, regardless of the serializer type.
>>          """
>>          if not os.path.exists("/var/lib/cobbler/.mtime"):
>>              old = os.umask(0x777)
>>              fd = open("/var/lib/cobbler/.mtime","w")
>>              fd.write("0")
>>              fd.close()
>>              os.umask(old)
>>              return 0
>>          fd = open("/var/lib/cobbler/.mtime")
>>          data = fd.read().strip()
>>          return float(data)
>>
>> If another thread is running while between the to umask call, we are
>> screwed.
>> The fix is not to use umask to change permission on the file like this:
>>
>>    fd = os.open("/var/lib/cobbler/.mtime", os.O_CREAT|os.O_RDWR, 0200)
>>
>> This has to be done in two places.
>>
>> Full fix here:
>> https://github.com/jimi-c/cobbler/commit/ba1fc849135955ea8659f57218c44e6745a42ba5
>>
>> Discussion about this issue:
>> https://www.mail-archive.com/cobbler-devel@lists.fedorahosted.org/msg01859.html
>>
Comment 1 Stephen Herr 2015-04-22 18:49:07 UTC 
Upstream cobbler issue:
https://github.com/cobbler/cobbler/issues/117

Spacewalk cobbler patched in master:
6b55c1f20f9b421ca9b256814c770cb6cc8285ca
Comment 2 Jan Dobes 2015-10-08 13:27:09 UTC 
Spacewalk 2.4 has been released.