Bug 1612093 - Different users running upgrades from the same host causes conflict over file: /tmp/cert-expiry-report.html
Summary: Different users running upgrades from the same host causes conflict over file...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.11.0
Assignee: Michael Gugino
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-08-03 13:03 UTC by Justin Pierce
Modified: 2018-10-11 07:23 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-11 07:23:29 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 0 None None None 2018-10-11 07:23:49 UTC

Description Justin Pierce 2018-08-03 13:03:10 UTC 
Description of problem:


TASK [openshift_certificate_expiry : Generate expiration report HTML] *********************************************************************************************************************************************
Thursday 02 August 2018  19:17:02 +0000 (0:00:01.972)       0:08:05.262 ******* 
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 1] Operation not permitted
fatal: [free-int-master-3c664 -> localhost]: FAILED! => {"changed": false, "checksum": "3f08244b525a120302159339e10250e1cd9768e5", "msg": "Unable to rename file: /home/jupierce/.ansible/tmp/ansible-tmp-1533237422.99-3207455506946/source to /tmp/cert-expiry-report.html: [Errno 1] Operation not permitted"}

Version-Release number of selected component (if applicable):
v3.11.0-0.10.0

How reproducible:
100%

Steps to Reproduce:
1. Run upgrade as user X
2. Attempt to run upgrade as user Y
3.

Actual results:
User Y receives error attempting to modify /tmp/cert-expiry-report.html (owned by X).

Expected results:
Expiration reports should be stored in user specific temp directory (e.g. ~/tmp/cert-expiry-report.html)
Comment 1 Justin Pierce 2018-08-03 13:12:11 UTC 
Same applies to /tmp/cert-expiry-report.json
Comment 2 Scott Dodson 2018-08-03 13:54:06 UTC 
We need to make sure that we're creating unique tempdir per run and using that.
Comment 3 Michael Gugino 2018-08-03 20:09:57 UTC 
PR Created: https://github.com/openshift/openshift-ansible/pull/9430
Comment 4 Scott Dodson 2018-08-09 13:41:42 UTC 
In openshift-ansible-3.11.0-0.12.0
Comment 6 Gaoyun Pei 2018-08-16 10:19:49 UTC 
Verify this bug with openshift-ansible-3.11.0-0.16.0.git.0.e82689aNone.noarch. The html and json report would be copied to user's own home dir with timestamp.


1. Run 3.10 to 3.11 upgrade as user1
TASK [openshift_certificate_expiry : Generate expiration report HTML] *******************************************************************************************************
changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "9ef75568088c70927315572216a55a9028d7084a", "dest": "/home/user1/cert-expiry-report.20180816T061013.html", "gid": 1002, "group": "user1", "md5sum": "fc99ebbbaf23200dba73ac70dbf24e0a", "mode": "0664", "owner": "user1", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 4839, "src": "/home/user1/.ansible/tmp/ansible-tmp-1534414219.67-125264013360188/source", "state": "file", "uid": 1002}

TASK [openshift_certificate_expiry : Generate results JSON file] ************************************************************************************************************
changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "dd207e1b6bebd9f0ef5274bcfe4095c84dba2d1f", "dest": "/home/user1/cert-expiry-report.20180816T061013.json", "gid": 1002, "group": "user1", "md5sum": "9bbda912a248c6e77917a251f69b886c", "mode": "0664", "owner": "user1", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 480, "src": "/home/user1/.ansible/tmp/ansible-tmp-1534414222.05-84948013888706/source", "state": "file", "uid": 1002}


2. Run 3.10 to 3.11 upgrade as user2
TASK [openshift_certificate_expiry : Generate expiration report HTML] *******************************************************************************************************
changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "b1afd89d0c9ad3648c0d1cef56d2fba170d654c9", "dest": "/home/user2/cert-expiry-report.20180816T061413.html", "gid": 1003, "group": "user2", "md5sum": "076cde1a8ba23d9ab3f1e4811d6bfd2e", "mode": "0664", "owner": "user2", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 4839, "src": "/home/user2/.ansible/tmp/ansible-tmp-1534414459.3-12129705807138/source", "state": "file", "uid": 1003}

TASK [openshift_certificate_expiry : Generate results JSON file] ************************************************************************************************************
changed: [ec2-34-228-230-143.compute-1.amazonaws.com -> localhost] => {"changed": true, "checksum": "e408d643ed8e42a50ffd866968913913ad80f147", "dest": "/home/user2/cert-expiry-report.20180816T061413.json", "gid": 1003, "group": "user2", "md5sum": "e84b2ab2ab3cdff88b6adc5e40688013", "mode": "0664", "owner": "user2", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 480, "src": "/home/user2/.ansible/tmp/ansible-tmp-1534414461.84-191176885436782/source", "state": "file", "uid": 1003}
Comment 8 errata-xmlrpc 2018-10-11 07:23:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
Note You need to log in before you can comment on or make changes to this bug.