Bug 1286928 - Errors found switching from openscap policy causing satellite to hang
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: SCAP Plugin
Version: 6.1.4
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: Unspecified
Assignee: Shlomi Zadok
QA Contact: Kedar Bidarkar
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-12-01 06:21 UTC by jnikolak
Modified: 2019-09-26 14:35 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-27 09:21:06 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1501 0 normal SHIPPED_LIVE Red Hat Satellite 6.2 Capsule and Server 2016-07-27 12:28:58 UTC

Description jnikolak 2015-12-01 06:21:19 UTC
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content


From the strace, during switching to openscap profiles we can see the following errors.

[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  4009] munmap(0x7efdba67c000, 145896) = 0
[pid  4009] close(16)                   = -1 EBADF (Bad file descriptor)



This also causes the satellite gui to become hung.
During time of issue, it was observed that the passenger limits were reached.

passenger-status
Version : 4.0.18
Date    : Mon Nov 30 17:15:12 -0700 2015
Instance: 14071
----------- General information -----------
Max pool size : 6
Processes     : 6
Requests in top-level queue : 0

----------- Application groups -----------
/usr/share/foreman#default:
  App root: /usr/share/foreman
  Requests in queue: 100

Comment 3 Zbynek Moravec 2015-12-01 09:18:43 UTC
How do I reproduce it?

Comment 8 Shlomi Zadok 2015-12-21 15:49:14 UTC
In the current implementation, sometimes (randomly) the ARF report arrives corrupted (not in bz2 format).
(See also https://bugzilla.redhat.com/show_bug.cgi?id=1250065)
The problem is that it happens randomly.
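
Added example, not part of the bug thread and not foreman_openscap's own code: one way a receiver could reject an ARF upload that is "not in bz2 format" before any further processing, with a cap on decompressed size. It is written in Python because bzip2 is in its standard library; the function names, the size cap and the sample document are assumptions made for illustration.

```python
import bz2

# Constructed sample standing in for an ARF upload (not taken from the bug).
SAMPLE_XML = (b'<?xml version="1.0"?><arf:asset-report-collection xmlns:arf='
              b'"http://scap.nist.gov/schema/asset-reporting-format/1.1"/>')
SAMPLE_BZ2 = bz2.compress(SAMPLE_XML)

MAX_REPORT_BYTES = 64 * 1024 * 1024  # assumed cap on decompressed size


class CorruptReport(ValueError):
    """The upload is not one complete bzip2 stream holding an ARF document."""


def decode_arf_upload(body, limit=MAX_REPORT_BYTES):
    """Return the decompressed ARF XML or raise CorruptReport."""
    # bzip2 header: "BZh" followed by a block-size digit '1'..'9'.
    if len(body) < 4 or body[:3] != b"BZh" or not 0x31 <= body[3] <= 0x39:
        raise CorruptReport("not in bz2 format (bad magic)")
    dec = bz2.BZ2Decompressor()
    try:
        # Ask for one byte more than the cap so an oversized report shows up.
        xml = dec.decompress(body, max_length=limit + 1)
    except (OSError, ValueError) as exc:
        raise CorruptReport("bz2 stream damaged: %s" % exc) from exc
    if len(xml) > limit:
        raise CorruptReport("decompressed report exceeds size limit")
    if not dec.eof:
        raise CorruptReport("bz2 stream truncated")
    if dec.unused_data:
        raise CorruptReport("trailing bytes after bz2 stream")
    if b"asset-report-collection" not in xml[:4096]:
        raise CorruptReport("payload is not an ARF document")
    return xml


def triage(body, limit=MAX_REPORT_BYTES):
    """Return "ok" or the rejection reason, suitable for a log line."""
    try:
        decode_arf_upload(body, limit)
        return "ok"
    except CorruptReport as exc:
        return str(exc)


if __name__ == "__main__":
    for name, blob in [("valid", SAMPLE_BZ2), ("plain xml", SAMPLE_XML),
                       ("truncated", SAMPLE_BZ2[:len(SAMPLE_BZ2) // 2])]:
        print(name, "->", triage(blob))
```

Logging the rejection reason per upload makes an intermittent corruption like the one described here countable instead of surfacing only as a hung request.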

Comment 13 Kedar Bidarkar 2016-04-04 21:17:05 UTC
The issue was caused by adjusting the openscap policy from:
XCCDF Profile: Example Server Profile

To: SCAP Content: Red Hat rhel6 default content

-----------------------------------------------------------
Can you please mention what exactly was changed from and to?

Currently FROM appears to be XCCDF profile and TO appears to be OSCAP content.

Comment 15 Kedar Bidarkar 2016-04-05 22:18:30 UTC
I want to know what exactly is being switched here, which is not clear to me.

As per initial bug description, 


FROM --> appears to be "profile" (XCCDF Profile: Example Server Profile)
TO --> appears to be "Content"  (SCAP Content: Red Hat rhel6 default content)


Both (FROM and TO) should be referring to "profile" or "content".

Comment 16 Kedar Bidarkar 2016-04-05 22:21:23 UTC
I wonder if I am missing something here.

Comment 17 Kedar Bidarkar 2016-04-06 16:36:42 UTC
Ok, my best guess is that we are switching the OSCAP profiles here.

Will try switching OSCAP profiles and run 2 separate reports on the host and then verify this bug.

Comment 18 Kedar Bidarkar 2016-04-12 10:57:14 UTC
rhel6_policy was created first with,

XCCDF profile: Common Profile for General-Purpose Systems
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

Afterwards,

XCCDF profile: Example Server Profile
OSCAP content: default rhel6 content

A scan was run on the host and uploaded to capsule which was visible under the compliance reports.

No errors were found, nor did the sat6 go into a hung state.

---------------------------------------------------

Logs from /v/l/foreman/production.log

2016-04-12 06:21:28 [app] [I] Started PATCH "/compliance/policies/2" for 10.10.63.50 at 2016-04-12 06:21:28 -0400
2016-04-12 06:21:28 [app] [I] Processing by PoliciesController#update as HTML
2016-04-12 06:21:28 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"B1qpKe7IUw/zVNOLdjnryiVM4jc3FZlfFqSSkMmVvb8=", "policy"=>{"name"=>"rhel6_policy", "description"=>"", "scap_content_id"=>"3", "scap_content_profile_id"=>"3", "period"=>"weekly", "weekday"=>"tuesday", "day_of_month"=>"1", "cron_line"=>"", "location_ids"=>["2", ""], "organization_ids"=>["1", ""], "hostgroup_ids"=>["", "4", "2"]}, "commit"=>"Submit", "id"=>"2"}
2016-04-12 06:21:29 [app] [I] Redirected to https://katello1.katello-latest.satellite.lab.eng.rdu2.redhat.com/compliance/policies
2016-04-12 06:21:29 [app] [I] Completed 302 Found in 332ms (ActiveRecord: 60.4ms)
2016-04-12 06:21:29 [app] [I] Started GET "/compliance/policies" for 10.10.63.50 at 2016-04-12 06:21:29 -0400
2016-04-12 06:21:29 [app] [I] Processing by PoliciesController#index as HTML
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/_list.html.erb (269.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.5.3.3/app/views/policies/index.html.erb within layouts/application (279.3ms)
2016-04-12 06:21:29 [app] [I]   Rendered common/_searchbar.html.erb (13.0ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/_application_content.html.erb (16.1ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_submenu.html.erb (5.8ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_user_dropdown.html.erb (7.0ms)
2016-04-12 06:21:29 [app] [I] Read fragment views/tabs_and_title_records-3 (0.7ms)
2016-04-12 06:21:29 [app] [I]   Rendered home/_topbar.html.erb (18.5ms)
2016-04-12 06:21:29 [app] [I]   Rendered layouts/base.html.erb (23.7ms)
2016-04-12 06:21:29 [app] [I] Completed 200 OK in 365ms (Views: 198.0ms | ActiveRecord: 133.7ms)




VERIFIED with sat62-snap7.1

Comment 20 errata-xmlrpc 2016-07-27 09:21:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

