Bug 1262959 - virt-builder/virt-customize set password does not work
virt-builder/virt-customize set password does not work
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs (Show other bugs)
7.1
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Richard W.M. Jones
Virtualization Bugs
:
Depends On:
Blocks: 1301891 1288337
  Show dependency treegraph
 
Reported: 2015-09-14 14:23 EDT by Darius Clark
Modified: 2016-11-03 13:55 EDT (History)
7 users (show)

See Also:
Fixed In Version: libguestfs-1.28.1-1.55.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-03 13:55:08 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Provided log showing what is going on with virt-customize when trying to set a root password. (64.11 KB, text/plain)
2015-09-14 14:23 EDT, Darius Clark
no flags Details
Log of guestfish (45.49 KB, text/plain)
2015-09-19 13:40 EDT, Darius Clark
no flags Details

  None (edit)
Description Darius Clark 2015-09-14 14:23:39 EDT
Created attachment 1073392 [details]
Provided log showing what is going on with virt-customize when trying to set a root password.

Description of problem: When using virt-builder or virt-customize to set a password to any user, including root, it does not set a password, but not does give a error or a clear answer to why it does not touch/edit /etc/shadow.


Version-Release number of selected component (if applicable): 1.30.2


How reproducible: 100%


Steps to Reproduce:
1. run "virt-cat -a /path/to/image /etc/shadow" and note of the data it provides (including hash of the root user or any other user if youre changing those passwords)
2. run "virt-customize -a /path/to/image --root-password password:newpassword1" 
3. run the first command and you will see the hash have not changed.

Actual results:

See attachment


Additional info: I have tested 1.28 and have not had this issue but however on 1.30 this problem occurs. I am unsure about 1.29 or 1.31.
Comment 2 Richard W.M. Jones 2015-09-19 12:31:38 EDT
Which version of Augeas is installed on the host?  Might be bug 1145249.
Comment 3 Darius Clark 2015-09-19 12:50:56 EDT
I am using what is provided in the repo which is 1.1.0.17.el7, but wouldnt it still work regardless since 1.28 works as well?
Comment 4 Richard W.M. Jones 2015-09-19 13:02:36 EDT
The problem is these two lines in the trace:

  libguestfs: trace: aug_ls "/files/etc/shadow"
  ...
  libguestfs: trace: aug_ls = []

corresponding to this code:

  https://github.com/libguestfs/libguestfs/blob/1b4c1d74d36c942417ea946a561a1964b20a1191/customize/password.ml#L91-L117

As either /etc/shadow is really empty, or the Augeas shadow lens
cannot read anything from the file, no passwords get changed.

Suggest you look at the contents of /etc/shadow before & after
the virt-customize command to see if it is empty before (or after)
and if anything changed in the file.

If /etc/shadow is not empty, then it must be a problem with Augeas,
although I don't know exactly what.  You can try aug-init and aug-ls
commands from within guestfish.
Comment 5 Darius Clark 2015-09-19 13:31:36 EDT
It is not empty (which is how I know nothing is being changed because the content remains the same). I have ran those in guestfish but aug-ls doesnt show anything. 

><fs> aug-init / 0
><fs> aug-ls /files/etc/shadow
><fs> aug-ls /etc/shadow
><fs> aug-close

><fs> aug-init / 1
><fs> aug-ls /etc/shadow
><fs> aug-ls /files/etc/shadow
><fs> aug-close

I dont really see much that could've changed between 1.28 and 1.30 that couldve broken this.
Comment 6 Darius Clark 2015-09-19 13:40:01 EDT
Created attachment 1075242 [details]
Log of guestfish
Comment 7 Richard W.M. Jones 2015-09-19 13:40:49 EDT
aug-ls /files/etc/shadow should show something.  If it doesn't
that's an augeas problem of some sort.

It turns out that augeas has been rebased in RHEL 7.2.  I uploaded
the new version to
https://people.redhat.com/~rjones/libguestfs-RHEL-7.2-preview/
so see if that makes a difference.
Comment 8 Darius Clark 2015-09-19 13:45:59 EDT
Ill update and let you know if it does
Comment 9 Darius Clark 2015-09-19 13:59:20 EDT
I can confirm that guestfish now sees /files/etc/shadow and it is also providing the password to the file.
Comment 10 Richard W.M. Jones 2015-09-19 15:29:02 EDT
Works for me with:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-libs-1.4.0-2.el7.x86_64

$ virt-builder ubuntu-14.04

$ guestfish -a ubuntu-14.04.img -i --ro

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Ubuntu 14.04 LTS
/dev/sda1 mounted on /

><fs> aug-init / 0
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/backup
/files/etc/shadow/bin
/files/etc/shadow/builder
/files/etc/shadow/daemon
/files/etc/shadow/games
/files/etc/shadow/gnats
/files/etc/shadow/irc
/files/etc/shadow/libuuid
/files/etc/shadow/list
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/man
/files/etc/shadow/messagebus
/files/etc/shadow/news
/files/etc/shadow/nobody
/files/etc/shadow/proxy
/files/etc/shadow/root
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/sys
/files/etc/shadow/syslog
/files/etc/shadow/uucp
/files/etc/shadow/www-data
Comment 11 Richard W.M. Jones 2015-09-23 10:24:43 EDT
I believe this bug is now fixed.  I'm leaving it open so QA can
check in the RHEL 7.3 timeframe.
Comment 12 Hu Zhang 2015-10-12 03:16:32 EDT
Verified with the packages:
libguestfs-1.28.1-1.55.el7.x86_64
augeas-1.4.0-2.el7.x86_64

Verify steps:
# guestfish -a RHEL-Server-6.7-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/gopher
/files/etc/shadow/haldaemon
/files/etc/shadow/halt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/postfix
/files/etc/shadow/root
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sync
/files/etc/shadow/tcpdump
/files/etc/shadow/uucp
/files/etc/shadow/vcsa

So verified.
Comment 13 Xianghua Chen 2016-06-27 10:50:23 EDT
In RHEL7.3 with the packages:
libguestfs-1.32.5-6.el7.x86_64

Verify steps:
# guestfish -a RHEL-Server-7.2-64-hvm.raw -i
><fs> aug-init / 1
><fs> aug-ls /files/etc/shadow
/files/etc/shadow/abrt
/files/etc/shadow/adm
/files/etc/shadow/avahi-autoipd
/files/etc/shadow/bin
/files/etc/shadow/chrony
/files/etc/shadow/daemon
/files/etc/shadow/dbus
/files/etc/shadow/ftp
/files/etc/shadow/games
/files/etc/shadow/halt
/files/etc/shadow/libstoragemgmt
/files/etc/shadow/lp
/files/etc/shadow/mail
/files/etc/shadow/nfsnobody
/files/etc/shadow/nobody
/files/etc/shadow/ntp
/files/etc/shadow/operator
/files/etc/shadow/oprofile
/files/etc/shadow/pcp
/files/etc/shadow/polkitd
/files/etc/shadow/postfix
/files/etc/shadow/qemu
/files/etc/shadow/radvd
/files/etc/shadow/root
/files/etc/shadow/rpc
/files/etc/shadow/rpcuser
/files/etc/shadow/saslauth
/files/etc/shadow/shutdown
/files/etc/shadow/sshd
/files/etc/shadow/sssd
/files/etc/shadow/sync
/files/etc/shadow/systemd-bus-proxy
/files/etc/shadow/systemd-network
/files/etc/shadow/tcpdump
/files/etc/shadow/tss
/files/etc/shadow/unbound
/files/etc/shadow/usbmuxd

Also works good.
Comment 15 errata-xmlrpc 2016-11-03 13:55:08 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2576.html

Note You need to log in before you can comment on or make changes to this bug.