Red Hat Bugzilla – Bug 1612093
Different users running upgrades from the same host causes conflict over file: /tmp/cert-expiry-report.html
Last modified: 2018-10-11 03:23:50 EDT
Description of problem: TASK [openshift_certificate_expiry : Generate expiration report HTML] ********************************************************************************************************************************************* Thursday 02 August 2018 19:17:02 +0000 (0:00:01.972) 0:08:05.262 ******* An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 1] Operation not permitted fatal: [free-int-master-3c664 -> localhost]: FAILED! => {"changed": false, "checksum": "3f08244b525a120302159339e10250e1cd9768e5", "msg": "Unable to rename file: /home/jupierce/.ansible/tmp/ansible-tmp-1533237422.99-3207455506946/source to /tmp/cert-expiry-report.html: [Errno 1] Operation not permitted"} Version-Release number of selected component (if applicable): v3.11.0-0.10.0 How reproducible: 100% Steps to Reproduce: 1. Run upgrade as user X 2. Attempt to run upgrade as user Y 3. Actual results: User Y receives error attempting to modify /tmp/cert-expiry-report.html (owned by X). Expected results: Expiration reports should be stored in user specific temp directory (e.g. ~/tmp/cert-expiry-report.html)
Same applies to /tmp/cert-expiry-report.json
We need to make sure that we're creating unique tempdir per run and using that.
PR Created: https://github.com/openshift/openshift-ansible/pull/9430
In openshift-ansible-3.11.0-0.12.0
Verify this bug with openshift-ansible-3.11.0-0.16.0.git.0.e82689aNone.noarch. The html and json report would be copied to user's own home dir with timestamp. 1. Run 3.10 to 3.11 upgrade as user1 TASK [openshift_certificate_expiry : Generate expiration report HTML] ******************************************************************************************************* changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "9ef75568088c70927315572216a55a9028d7084a", "dest": "/home/user1/cert-expiry-report.20180816T061013.html", "gid": 1002, "group": "user1", "md5sum": "fc99ebbbaf23200dba73ac70dbf24e0a", "mode": "0664", "owner": "user1", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 4839, "src": "/home/user1/.ansible/tmp/ansible-tmp-1534414219.67-125264013360188/source", "state": "file", "uid": 1002} TASK [openshift_certificate_expiry : Generate results JSON file] ************************************************************************************************************ changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "dd207e1b6bebd9f0ef5274bcfe4095c84dba2d1f", "dest": "/home/user1/cert-expiry-report.20180816T061013.json", "gid": 1002, "group": "user1", "md5sum": "9bbda912a248c6e77917a251f69b886c", "mode": "0664", "owner": "user1", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 480, "src": "/home/user1/.ansible/tmp/ansible-tmp-1534414222.05-84948013888706/source", "state": "file", "uid": 1002} 2. Run 3.10 to 3.11 upgrade as user2 TASK [openshift_certificate_expiry : Generate expiration report HTML] ******************************************************************************************************* changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "b1afd89d0c9ad3648c0d1cef56d2fba170d654c9", "dest": "/home/user2/cert-expiry-report.20180816T061413.html", "gid": 1003, "group": "user2", "md5sum": "076cde1a8ba23d9ab3f1e4811d6bfd2e", "mode": "0664", "owner": "user2", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 4839, "src": "/home/user2/.ansible/tmp/ansible-tmp-1534414459.3-12129705807138/source", "state": "file", "uid": 1003} TASK [openshift_certificate_expiry : Generate results JSON file] ************************************************************************************************************ changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "e408d643ed8e42a50ffd866968913913ad80f147", "dest": "/home/user2/cert-expiry-report.20180816T061413.json", "gid": 1003, "group": "user2", "md5sum": "e84b2ab2ab3cdff88b6adc5e40688013", "mode": "0664", "owner": "user2", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 480, "src": "/home/user2/.ansible/tmp/ansible-tmp-1534414461.84-191176885436782/source", "state": "file", "uid": 1003}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2652