Red Hat Bugzilla – Bug 1278193
Hook is not actually executed in 6.1.3
Last modified: 2017-02-23 14:41:04 EST
Description of problem:
Hook is registered, triggered, and Satellite says it runs the hook, but it DOES NOT run.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create an after_commit hook
2. systemctl restart foreman-tasks httpd
3. Confirm hook is registered in logs
4. Edit a host and save it
Actual results:
Hook is not actually run
Expected results:
Hook is run
cat > /tmp/host.txt
2015-11-04 17:00:10 [I] Finished registering 1 hooks for Host::Managed#after_commit
2015-11-04 17:00:10 [D] Observed after_commit hook on sat-perf-01.idm.lab.bos.redhat.com
2015-11-04 17:00:10 [D] Running 1 hooks for Host::Managed#after_commit
2015-11-04 17:00:10 [D] Running hook: /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh after_commit sat-perf-01.idm.lab.bos.redhat.com
/tmp/host.txt is not created. No SELinux denials.
Please show me
ls -laZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh
Also paste me the script itself.
Ownership/permissions might be incorrect. Thanks.
Hook contents are in comment #1. It's just dumping stdout to /tmp/host.txt.
It works on my development install, but I also tried on a Foreman 1.10 RC this morning and it doesn't work there either.
Here's ls -alZ:
[root@sat-perf-01 ~]# ls -alZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh
foreman user can run it fine, this succeeds:
sudo -u foreman /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh
What's weird is foreman-selinux references a hook context (system_u:object_r:foreman_hook_t,s0) but restorecon doesn't fix it. But it's broken even in Permissive for me anyway.
If you notice the debug logs when this stuff happens:
2015-11-16 06:21:15 [app] [I] Finished registering 1 hooks for Host::Managed#after_commit
2015-11-16 06:21:41 [app] [D] Observed after_commit hook on katello-centos7-foreman.example.com
2015-11-16 06:21:41 [app] [D] Running 1 hooks for Host::Managed#after_commit
It's never getting past running the hook. It should log some additional messages:
13:37 stbenjam | oh god
13:37 stbenjam | ├── systemd-private-c4ZQa9
13:37 stbenjam | │   └── tmp
13:37 stbenjam | │       └── host.txt
Feature of RHEL7 called "private tmp dirs".
So I'm not quite understanding here -- if this is not a bug, how is this addressed in the foreman components?
I'm not sure I understand the question?
Read comment #4, this was never a bug to begin with.
QE and I were testing a hook that wrote to /tmp, and on RHEL 7 it gets written to private tmp for foreman-proxy (/tmp/systemd-private-XXXXXXX/tmp).
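A troubleshooting helper for the situation diagnosed above, added here as an example and not part of the bug report or of Foreman: it checks whether a unit runs with PrivateTmp and lists where a file written to "/tmp" really landed. The function names are hypothetical, and the demo tree is constructed to mirror the layout shown in the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report). Function names are hypothetical.
# With PrivateTmp, a service's /tmp is really /tmp/systemd-private-*/tmp,
# so a hook that writes /tmp/host.txt leaves nothing in the shared /tmp.
# The private directories are normally readable by root only.

# private_tmp_enabled UNIT -> exit 0 if systemd reports PrivateTmp=yes.
# Example call: private_tmp_enabled httpd
private_tmp_enabled() {
    systemctl show -p PrivateTmp "$1" 2>/dev/null | grep -qx 'PrivateTmp=yes'
}

# find_private_tmp_file NAME [TMP_ROOT]
# Prints every real location of NAME: the shared TMP_ROOT first, then each
# private tmp directory below it. Returns 1 if NAME exists in none of them.
find_private_tmp_file() {
    local name="$1" root="${2:-/tmp}" found=1 dir
    if [ -e "$root/$name" ]; then
        printf '%s\n' "$root/$name"
        found=0
    fi
    for dir in "$root"/systemd-private-*/tmp; do
        [ -d "$dir" ] || continue   # glob matched nothing, or not a directory
        if [ -e "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            found=0
        fi
    done
    return "$found"
}

# Demo on a constructed tree: host.txt exists only in one private tmp.
demo() {
    local root rc
    root=$(mktemp -d) || return 1
    mkdir -p "$root/systemd-private-c4ZQa9/tmp" "$root/systemd-private-other/tmp"
    echo "hook output" > "$root/systemd-private-c4ZQa9/tmp/host.txt"
    find_private_tmp_file host.txt "$root"
    rc=$?
    rm -rf "$root"
    return "$rc"
}
```

Run `find_private_tmp_file host.txt` as root on the affected host; a hit only under a `systemd-private-*` directory means the hook ran and its output went to the service's private tmp.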