Bug 1286928 - Errors found switching from openscap policy causing satellite to hang
Errors found switching from openscap policy causing satellite to hang
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: SCAP Plugin (Show other bugs)
6.1.4
Unspecified Unspecified
unspecified Severity high (vote)
: Beta
: --
Assigned To: Shlomi Zadok
Kedar Bidarkar
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-01 01:21 EST by jnikolak
Modified: 2016-07-27 05:21 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-27 05:21:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description jnikolak 2015-12-01 01:21:19 EST
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content


From the strace, during switching to openscap profiles we can see the following errors.

[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  4009] munmap(0x7efdba67c000, 145896) = 0
[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)



This also causes the satellite gui to become hung.
During time of issue, it was observed that the passenger limits were reached.

passenger-status
Version : 4.0.18
Date    : Mon Nov 30 17:15:12 -0700 2015
Instance: 14071
----------- General information -----------
Max pool size : 6
Processes     : 6
Requests in top-level queue : 0

----------- Application groups -----------
/usr/share/foreman#default:
  App root: /usr/share/foreman
  Requests in queue: 100
Comment 3 Zbynek Moravec 2015-12-01 04:18:43 EST
How do I reproduce it?
Comment 8 Shlomi Zadok 2015-12-21 10:49:14 EST
In current implementation, sometime (randomly) arf report arrives corrupted (not in bz2 format).
(See also https://bugzilla.redhat.com/show_bug.cgi?id=1250065)
The problem is that it happens randomly
Comment 13 Kedar Bidarkar 2016-04-04 17:17:05 EDT
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content

-----------------------------------------------------------
Can you please mention what exactly was changed from and to.

Currently From appears to be XCCDF profile  and TO appears to be OSCAP content.
Comment 15 Kedar Bidarkar 2016-04-05 18:18:30 EDT
I want to know what exactly is being switched here , which is not clear to me.

As per initial bug description, 


FROM --> appears to be "profile" (XCCDF Profile: Example Server Profile)
TO --> appears to be "Content"  (SCAP Content: Red Hat rhel6 default content)


Both ( FROM and TO ) should be referring to "profile" or "content".
Comment 16 Kedar Bidarkar 2016-04-05 18:21:23 EDT
I Wonder if I am missing something here.
Comment 17 Kedar Bidarkar 2016-04-06 12:36:42 EDT
Ok, my best guess is, that we are switching the OSCAP profiles here.

Will try switching OSCAP profiles and run 2 seperate reports on the host and then verify this bug.
Comment 18 Kedar Bidarkar 2016-04-12 06:57:14 EDT
rhel6_policy was created first with,

XCCDF profile: Common Profile for General-Purpose Systems
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

Afterwards,

XCCDF profile: Example Server Profile
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

No Errors were found or did the sat6 went in a hung state.

---------------------------------------------------

Logs from /v/l/foreman/production.log

2016-04-12 06:21:28 [app] [I] Started PATCH "/compliance/policies/2" for 10.10.63.50 at 2016-04-12 06:21:28 -0400
2016-04-12 06:21:28 [app] [I] Processing by PoliciesController#update as HTML
2016-04-12 06:21:28 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"B1qpKe7IUw/zVNOLdjnryiVM4jc3FZlfFqSSkMmVvb8=", "policy"=>{"name"=>"rhel6_policy", "description"=>"", "scap_content_id"=>"3", "scap_content_profile_id"=>"3", "period"=>"weekly", "weekday"=>"tuesday", "day_of_month"=>"1", "cron_line"=>"", "location_ids"=>["2", ""], "organization_ids"=>["1", ""], "hostgroup_ids"=>["", "4", "2"]}, "commit"=>"Submit", "id"=>"2"}
2016-04-12 06:21:29 [app] [I] Redirected to https://katello1.katello-latest.satellite.lab.eng.rdu2.redhat.com/compliance/policies
2016-04-12 06:21:29 [app] [I] Completed 302 Found in 332ms (ActiveRecord: 60.4ms)
2016-04-12 06:21:29 [app] [I] Started GET "/compliance/policies" for 10.10.63.50 at 2016-04-12 06:21:29 -0400
2016-04-12 06:21:29 [app] [I] Processing by PoliciesController#index as HTML
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/_list.html.erb (269.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/index.html.erb within layouts/application (279.3ms)
2016-04-12 06:21:29 [app] [I]   Rendered common/_searchbar.html.erb (13.0ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/_application_content.html.erb (16.1ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_submenu.html.erb (5.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_user_dropdown.html.erb (7.0ms)
2016-04-12 06:21:29 [app] [I] Read fragment views/tabs_and_title_records-3 (0.7ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_topbar.html.erb (18.5ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/base.html.erb (23.7ms)
2016-04-12 06:21:29 [app] [I] Completed 200 OK in 365ms (Views: 198.0ms | ActiveRecord: 133.7ms)




VERIFIED with sat62-snap7.1
Comment 20 errata-xmlrpc 2016-07-27 05:21:06 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.