Bug 1406111
| Summary: | augeas lens cannot process "includedir /etc/krb5.conf.d/" line in /etc/krb5.conf | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Michal Wasilewski <mwasilewski> | ||||
| Component: | augeas | Assignee: | Pino Toscano <ptoscano> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.3 | CC: | egolov, mwasilewski, smithj4, xchen, yoguo | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | augeas-1.4.0-4.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Prior to this update, Augeas was not able to read include and includedir directives in the kerberos configuration (/etc/krb5.conf), and it did not parse additional configuration files under /etc/krb5.conf.d. The krb5 lens of Augeas has been fixed to parse also the include and includedir directives in existing configuration, and to parse additional configuration files. As a result, Augeas now correctly reads all the kerberos configuration as expected.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-04-10 09:55:26 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1420851 | ||||||
| Attachments: |
|
||||||
(In reply to Michal Wasilewski from comment #0) > Created attachment 1233478 [details] > yum.log which contains info about packages installed as a result of the > group installation > > Description of problem: > during installation of 'Directory Client' yum group, a line is added to > krb5.conf file which stops augeas from working normally with /etc/krb5.conf > > Version-Release number of selected component (if applicable): > augeas-1.4.0-2.el7 > > How reproducible: > > Steps to Reproduce: > 1.augtool > 2. print /files/etc/krb5.conf <- this time will work > 3. yum groupinstall 'Directory Client' <- adds line to krb5.conf Do you mean that after this installation, there will a line added to krb5.conf? includedir /etc/krb5.conf.d/ Or which repo did you use? I can't execute it sucessfully. > 4.augtool > 5.print /files/etc/krb5.conf <- won't work > > Actual results: > augeas can no longer work with the file > > Expected results: > augeas should be able to process the includedir line > > Additional info: > removing includedir from krb5.conf fixes the problem, augeas can process the > file > > attached is a log file from the yum groupinstall Can reproduce it with: augeas-1.4.0-2.el7.x86_64 Steps: 1. Add this line to /etc/krb5.conf: includedir /etc/krb5.conf.d/ 2. augtool augtool> print /files/etc/krb5.conf augtool> print /augeas/files/etc/krb5.conf /augeas/files/etc/krb5.conf /augeas/files/etc/krb5.conf/path = "/files/etc/krb5.conf" /augeas/files/etc/krb5.conf/mtime = "1482303488" /augeas/files/etc/krb5.conf/lens = "@Krb5" /augeas/files/etc/krb5.conf/lens/info = "/usr/share/augeas/lenses/dist/krb5.aug:154.10-156.66:" /augeas/files/etc/krb5.conf/error = "parse_failed" /augeas/files/etc/krb5.conf/error/pos = "188" /augeas/files/etc/krb5.conf/error/line = "6" /augeas/files/etc/krb5.conf/error/char = "0" /augeas/files/etc/krb5.conf/error/lens = "/usr/share/augeas/lenses/dist/krb5.aug:154.10-156.66:" /augeas/files/etc/krb5.conf/error/message = "Get did not match entire input" *** Bug 1408526 has been marked as a duplicate of this bug. *** yes, installing "Directory Client" group resulted in that line being added to krb5.conf I did some more debugging and narrowed it down to the following update: Updating: krb5-libs-1.14.1-27.el7_3.x86_64 Cleanup: krb5-libs-1.13.2-12.el7_2.x86_64 I submitted a pull request to the upstream project on github that was merged last month: https://github.com/hercules-team/augeas/pull/431 So this should be fixed in the next version. Until that is released, maybe RedHat can update the augeas rpm in RHEL7 to include this patch. Verified with packages:
augeas-1.4.0-4.el7.x86_64
krb5-libs-1.15.1-8.el7.x86_64
Steps:
1. #augtool
augtool> print /files/etc/krb5.conf
----------------------------------------------------
/files/etc/krb5.conf
/files/etc/krb5.conf/#comment = "Configuration snippets may be placed in this directory as well"
/files/etc/krb5.conf/includedir = "/etc/krb5.conf.d/"
/files/etc/krb5.conf/logging
/files/etc/krb5.conf/logging/default
/files/etc/krb5.conf/logging/default/file = "/var/log/krb5libs.log"
/files/etc/krb5.conf/logging/kdc
/files/etc/krb5.conf/logging/kdc/file = "/var/log/krb5kdc.log"
/files/etc/krb5.conf/logging/admin_server
/files/etc/krb5.conf/logging/admin_server/file = "/var/log/kadmind.log"
/files/etc/krb5.conf/libdefaults
/files/etc/krb5.conf/libdefaults/dns_lookup_realm = "false"
/files/etc/krb5.conf/libdefaults/ticket_lifetime = "24h"
/files/etc/krb5.conf/libdefaults/renew_lifetime = "7d"
/files/etc/krb5.conf/libdefaults/forwardable = "true"
/files/etc/krb5.conf/libdefaults/rdns = "false"
/files/etc/krb5.conf/libdefaults/#comment = "default_realm = EXAMPLE.COM"
/files/etc/krb5.conf/libdefaults/default_ccache_name = "KEYRING:persistent:%{uid}"
/files/etc/krb5.conf/realms
/files/etc/krb5.conf/realms/#comment[1] = "EXAMPLE.COM = {"
/files/etc/krb5.conf/realms/#comment[2] = "kdc = kerberos.example.com"
/files/etc/krb5.conf/realms/#comment[3] = "admin_server = kerberos.example.com"
/files/etc/krb5.conf/realms/#comment[4] = "}"
/files/etc/krb5.conf/domain_realm
/files/etc/krb5.conf/domain_realm/#comment[1] = ".example.com = EXAMPLE.COM"
/files/etc/krb5.conf/domain_realm/#comment[2] = "example.com = EXAMPLE.COM"
----------------------------------------------------
Augeas can parse /etc/krb5.conf which contains "includedir /etc/krb5.conf.d/" line. So verified it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0684 |
Created attachment 1233478 [details] yum.log which contains info about packages installed as a result of the group installation Description of problem: during installation of 'Directory Client' yum group, a line is added to krb5.conf file which stops augeas from working normally with /etc/krb5.conf Version-Release number of selected component (if applicable): augeas-1.4.0-2.el7 How reproducible: Steps to Reproduce: 1.augtool 2. print /files/etc/krb5.conf <- this time will work 3. yum groupinstall 'Directory Client' <- adds line to krb5.conf 4.augtool 5.print /files/etc/krb5.conf <- won't work Actual results: augeas can no longer work with the file Expected results: augeas should be able to process the includedir line Additional info: removing includedir from krb5.conf fixes the problem, augeas can process the file attached is a log file from the yum groupinstall