1286928 – Errors found switching from openscap policy causing satellite to hang

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1286928 - Errors found switching from openscap policy causing satellite to hang

Summary: Errors found switching from openscap policy causing satellite to hang

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SCAP Plugin
Sub Component:
Version:	6.1.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Shlomi Zadok
QA Contact:	Kedar Bidarkar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-01 06:21 UTC by jnikolak
Modified:	2019-09-26 14:35 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-27 09:21:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:1501	0	normal	SHIPPED_LIVE	Red Hat Satellite 6.2 Capsule and Server	2016-07-27 12:28:58 UTC

Description jnikolak 2015-12-01 06:21:19 UTC

The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content


From the strace, during switching to openscap profiles we can see the following errors.

[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  4009] munmap(0x7efdba67c000, 145896) = 0
[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)



This also causes the satellite gui to become hung.
During time of issue, it was observed that the passenger limits were reached.

passenger-status
Version : 4.0.18
Date    : Mon Nov 30 17:15:12 -0700 2015
Instance: 14071
----------- General information -----------
Max pool size : 6
Processes     : 6
Requests in top-level queue : 0

----------- Application groups -----------
/usr/share/foreman#default:
  App root: /usr/share/foreman
  Requests in queue: 100

Comment 3 Zbynek Moravec 2015-12-01 09:18:43 UTC

How do I reproduce it?

Comment 8 Shlomi Zadok 2015-12-21 15:49:14 UTC

In current implementation, sometime (randomly) arf report arrives corrupted (not in bz2 format).
(See also https://bugzilla.redhat.com/show_bug.cgi?id=1250065)
The problem is that it happens randomly

Comment 13 Kedar Bidarkar 2016-04-04 21:17:05 UTC

The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content

-----------------------------------------------------------
Can you please mention what exactly was changed from and to.

Currently From appears to be XCCDF profile  and TO appears to be OSCAP content.

Comment 15 Kedar Bidarkar 2016-04-05 22:18:30 UTC

I want to know what exactly is being switched here , which is not clear to me.

As per initial bug description, 


FROM --> appears to be "profile" (XCCDF Profile: Example Server Profile)
TO --> appears to be "Content"  (SCAP Content: Red Hat rhel6 default content)


Both ( FROM and TO ) should be referring to "profile" or "content".

Comment 16 Kedar Bidarkar 2016-04-05 22:21:23 UTC

I Wonder if I am missing something here.

Comment 17 Kedar Bidarkar 2016-04-06 16:36:42 UTC

Ok, my best guess is, that we are switching the OSCAP profiles here.

Will try switching OSCAP profiles and run 2 seperate reports on the host and then verify this bug.

Comment 18 Kedar Bidarkar 2016-04-12 10:57:14 UTC

rhel6_policy was created first with,

XCCDF profile: Common Profile for General-Purpose Systems
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

Afterwards,

XCCDF profile: Example Server Profile
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

No Errors were found or did the sat6 went in a hung state.

---------------------------------------------------

Logs from /v/l/foreman/production.log

2016-04-12 06:21:28 [app] [I] Started PATCH "/compliance/policies/2" for 10.10.63.50 at 2016-04-12 06:21:28 -0400
2016-04-12 06:21:28 [app] [I] Processing by PoliciesController#update as HTML
2016-04-12 06:21:28 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"B1qpKe7IUw/zVNOLdjnryiVM4jc3FZlfFqSSkMmVvb8=", "policy"=>{"name"=>"rhel6_policy", "description"=>"", "scap_content_id"=>"3", "scap_content_profile_id"=>"3", "period"=>"weekly", "weekday"=>"tuesday", "day_of_month"=>"1", "cron_line"=>"", "location_ids"=>["2", ""], "organization_ids"=>["1", ""], "hostgroup_ids"=>["", "4", "2"]}, "commit"=>"Submit", "id"=>"2"}
2016-04-12 06:21:29 [app] [I] Redirected to https://katello1.katello-latest.satellite.lab.eng.rdu2.redhat.com/compliance/policies
2016-04-12 06:21:29 [app] [I] Completed 302 Found in 332ms (ActiveRecord: 60.4ms)
2016-04-12 06:21:29 [app] [I] Started GET "/compliance/policies" for 10.10.63.50 at 2016-04-12 06:21:29 -0400
2016-04-12 06:21:29 [app] [I] Processing by PoliciesController#index as HTML
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/_list.html.erb (269.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/index.html.erb within layouts/application (279.3ms)
2016-04-12 06:21:29 [app] [I]   Rendered common/_searchbar.html.erb (13.0ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/_application_content.html.erb (16.1ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_submenu.html.erb (5.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_user_dropdown.html.erb (7.0ms)
2016-04-12 06:21:29 [app] [I] Read fragment views/tabs_and_title_records-3 (0.7ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_topbar.html.erb (18.5ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/base.html.erb (23.7ms)
2016-04-12 06:21:29 [app] [I] Completed 200 OK in 365ms (Views: 198.0ms | ActiveRecord: 133.7ms)




VERIFIED with sat62-snap7.1

Comment 20 errata-xmlrpc 2016-07-27 09:21:06 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.