Bug 1278193 - Hook is not actually executed in 6.1.3
Hook is not actually executed in 6.1.3
Status: CLOSED NOTABUG
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Hooks Plugin (Show other bugs)
6.1.3
Unspecified Unspecified
unspecified Severity high (vote)
: 6.1.5
: --
Assigned To: Stephen Benjamin
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-04 17:04 EST by Stephen Benjamin
Modified: 2017-02-23 14:41 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-16 07:37:43 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Benjamin 2015-11-04 17:04:11 EST
Description of problem:
Hook is registered, triggered, and Satellite says it runs the hook, but it DOES NOT run.


Version-Release number of selected component (if applicable):
6.1.3

How reproducible:
Always

Steps to Reproduce:
1. Create an after_commit hook
2. systemctl restart foreman-tasks httpd
3. Confirm hook is registered in logs
4. Edit a host and save it

Actual results:
Hook is not actually run

Expected results:
Hook is run

Additional info:

Hook contents:
#!/bin/bash
cat > /tmp/host.txt

Log:
  2015-11-04 17:00:10 [I] Finished registering 1 hooks for Host::Managed#after_commit
  2015-11-04 17:00:10 [D] Observed after_commit hook on sat-perf-01.idm.lab.bos.redhat.com
  2015-11-04 17:00:10 [D] Running 1 hooks for Host::Managed#after_commit
  2015-11-04 17:00:10 [D] Running hook: /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh after_commit sat-perf-01.idm.lab.bos.redhat.com

/tmp/host.txt is not created.  No selinux denials.
Comment 2 Lukas Zapletal 2015-11-16 04:58:07 EST
Please show me

ls -laZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh

Also paste me the script itself.

Ownership/permissions might be incorrect. Thanks.
Comment 3 Stephen Benjamin 2015-11-16 06:28:07 EST
Hook contents are in comment #1. It's just dumping stdout to /tmp/host.txt.

It works on my development install, but I also tried on a Foreman 1.10 RC this morning and it doesn't work there either.

Here's ls -alZ:

[root@sat-perf-01 ~]# ls -alZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh 
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0   /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh


foreman user can run it fine, this succeeds:
  sudo -u foreman /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh


What's weird is foreamn-selinux references a hook context (system_u:object_r:foreman_hook_t,s0) but restorecon doesn't fix it.  But it's broken even in Permissive for me anyway.


If you notice the debug logs when this stuff happens:
2015-11-16 06:21:15 [app] [I] Finished registering 1 hooks for Host::Managed#after_commit
2015-11-16 06:21:41 [app] [D] Observed after_commit hook on katello-centos7-foreman.example.com
2015-11-16 06:21:41 [app] [D] Running 1 hooks for Host::Managed#after_commit


It's never getting past running the hook.  It should log some additional messages:
  https://github.com/theforeman/foreman_hooks/blob/master/lib/foreman_hooks/util.rb#L53

Any ideas?
Comment 4 Lukas Zapletal 2015-11-16 07:37:43 EST
13:37       stbenjam | oh god
13:37       stbenjam | ├── systemd-private-c4ZQa9
13:37       stbenjam | │   └── tmp
13:37       stbenjam | │       └── host.txt

Feature of RHEL7 called "private tmp dirs".
Comment 5 Stephen Benjamin 2015-11-16 08:24:34 EST
Thanks Lukáš!!
Comment 6 Karl Abbott 2015-11-25 08:33:13 EST
So I'm not quite understanding here -- if this is not a bug, how is this addressed in the foreman components?

Karl
Comment 7 Stephen Benjamin 2015-11-25 10:01:56 EST
I'm not sure I understand the question?

Read comment #4, this was never a bug to begin with.

QE and I were testing a hook that wrote to /tmp, and on rhel 7 it gets written to private tmp for foreman-proxy (/tmp/systemd-private-XXXXXXX/tmp).

Note You need to log in before you can comment on or make changes to this bug.