1278193 – Hook is not actually executed in 6.1.3

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1278193 - Hook is not actually executed in 6.1.3

Summary: Hook is not actually executed in 6.1.3

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Hooks and Webhooks
Sub Component:
Version:	6.1.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Stephen Benjamin
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-04 22:04 UTC by Stephen Benjamin
Modified:	2019-08-15 05:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-16 12:37:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Stephen Benjamin 2015-11-04 22:04:11 UTC

Description of problem:
Hook is registered, triggered, and Satellite says it runs the hook, but it DOES NOT run.


Version-Release number of selected component (if applicable):
6.1.3

How reproducible:
Always

Steps to Reproduce:
1. Create an after_commit hook
2. systemctl restart foreman-tasks httpd
3. Confirm hook is registered in logs
4. Edit a host and save it

Actual results:
Hook is not actually run

Expected results:
Hook is run

Additional info:

Hook contents:
#!/bin/bash
cat > /tmp/host.txt

Log:
  2015-11-04 17:00:10 [I] Finished registering 1 hooks for Host::Managed#after_commit
  2015-11-04 17:00:10 [D] Observed after_commit hook on sat-perf-01.idm.lab.bos.redhat.com
  2015-11-04 17:00:10 [D] Running 1 hooks for Host::Managed#after_commit
  2015-11-04 17:00:10 [D] Running hook: /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh after_commit sat-perf-01.idm.lab.bos.redhat.com

/tmp/host.txt is not created.  No selinux denials.

Comment 2 Lukas Zapletal 2015-11-16 09:58:07 UTC

Please show me

ls -laZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh

Also paste me the script itself.

Ownership/permissions might be incorrect. Thanks.

Comment 3 Stephen Benjamin 2015-11-16 11:28:07 UTC

Hook contents are in comment #1. It's just dumping stdout to /tmp/host.txt.

It works on my development install, but I also tried on a Foreman 1.10 RC this morning and it doesn't work there either.

Here's ls -alZ:

[root@sat-perf-01 ~]# ls -alZ /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh 
-rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0   /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh


foreman user can run it fine, this succeeds:
  sudo -u foreman /usr/share/foreman/config/hooks/host/managed/after_commit/hook_test.sh


What's weird is foreamn-selinux references a hook context (system_u:object_r:foreman_hook_t,s0) but restorecon doesn't fix it.  But it's broken even in Permissive for me anyway.


If you notice the debug logs when this stuff happens:
2015-11-16 06:21:15 [app] [I] Finished registering 1 hooks for Host::Managed#after_commit
2015-11-16 06:21:41 [app] [D] Observed after_commit hook on katello-centos7-foreman.example.com
2015-11-16 06:21:41 [app] [D] Running 1 hooks for Host::Managed#after_commit


It's never getting past running the hook.  It should log some additional messages:
  https://github.com/theforeman/foreman_hooks/blob/master/lib/foreman_hooks/util.rb#L53

Any ideas?

Comment 4 Lukas Zapletal 2015-11-16 12:37:43 UTC

13:37       stbenjam | oh god
13:37       stbenjam | ├── systemd-private-c4ZQa9
13:37       stbenjam | │   └── tmp
13:37       stbenjam | │       └── host.txt

Feature of RHEL7 called "private tmp dirs".

Comment 5 Stephen Benjamin 2015-11-16 13:24:34 UTC

Thanks Lukáš!!

Comment 6 Karl Abbott 2015-11-25 13:33:13 UTC

So I'm not quite understanding here -- if this is not a bug, how is this addressed in the foreman components?

Karl

Comment 7 Stephen Benjamin 2015-11-25 15:01:56 UTC

I'm not sure I understand the question?

Read comment #4, this was never a bug to begin with.

QE and I were testing a hook that wrote to /tmp, and on rhel 7 it gets written to private tmp for foreman-proxy (/tmp/systemd-private-XXXXXXX/tmp).

Note You need to log in before you can comment on or make changes to this bug.