Description of problem: Hook is registered, triggered, and Satellite says it runs the hook, but it DOES NOT run. Version-Release number of selected component (if applicable): 6.1.3 How reproducible: Always Steps to Reproduce: 1. Create an after_commit hook 2. systemctl restart foreman-tasks httpd 3. Confirm hook is registered in logs 4. Edit a host and save it Actual results: Hook is not actually run Expected results: Hook is run Additional info: Hook contents: #!/bin/bash cat > /tmp/host.txt Log: 2015-11-04 17:00:10 [I] Finished registering 1 hooks for Host::Managed#after_commit 2015-11-04 17:00:10 [D] Observed after_commit hook on sat-perf-01.idm.lab.bos.redhat.com 2015-11-04 17:00:10 [D] Running 1 hooks for Host::Managed#after_commit 2015-11-04 17:00:10 [D] Running hook: /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh after_commit sat-perf-01.idm.lab.bos.redhat.com /tmp/host.txt is not created. No selinux denials.
Please show me ls -laZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh Also paste me the script itself. Ownership/permissions might be incorrect. Thanks.
Hook contents are in comment #1. It's just dumping stdout to /tmp/host.txt. It works on my development install, but I also tried on a Foreman 1.10 RC this morning and it doesn't work there either. Here's ls -alZ: [root@sat-perf-01 ~]# ls -alZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh foreman user can run it fine, this succeeds: sudo -u foreman /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh What's weird is foreamn-selinux references a hook context (system_u:object_r:foreman_hook_t,s0) but restorecon doesn't fix it. But it's broken even in Permissive for me anyway. If you notice the debug logs when this stuff happens: 2015-11-16 06:21:15 [app] [I] Finished registering 1 hooks for Host::Managed#after_commit 2015-11-16 06:21:41 [app] [D] Observed after_commit hook on katello-centos7-foreman.example.com 2015-11-16 06:21:41 [app] [D] Running 1 hooks for Host::Managed#after_commit It's never getting past running the hook. It should log some additional messages: https://github.com/theforeman/foreman_hooks/blob/master/lib/foreman_hooks/util.rb#L53 Any ideas?
13:37 stbenjam | oh god 13:37 stbenjam | ├── systemd-private-c4ZQa9 13:37 stbenjam | │ └── tmp 13:37 stbenjam | │ └── host.txt Feature of RHEL7 called "private tmp dirs".
Thanks Lukáš!!
So I'm not quite understanding here -- if this is not a bug, how is this addressed in the foreman components? Karl
I'm not sure I understand the question? Read comment #4, this was never a bug to begin with. QE and I were testing a hook that wrote to /tmp, and on rhel 7 it gets written to private tmp for foreman-proxy (/tmp/systemd-private-XXXXXXX/tmp).