Description of problem: pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su ~~~ su:pam_systemd(su:session): Failed to connect to system bus: No such file or directory ~~~ This behavior causes too many logs into /var/log/secure of the nodes. It makes /var/log/secure hard to read. Version-Release number of selected component (if applicable): Current RHOSP13. How reproducible: Always Steps to Reproduce: 1. Deploy Overcloud in RHOSP13. 2. Check overcloud node's /var/log/secure. 3. Actual results: The process inside containers which run su command generates the pam_systemd error. Expected results: The error messages aren't written to /var/log/secure in overcloud nodes. Additional info: pam_systemd is optional in su file of PAM. It requires to communicate system bug(dbus). However container doesn't mount host's /var/run/dbus directory to it. In container, as far as I check, we don't use systemctl command to launch services. So, I think we have 2 options. 1. Mount /var/run/dbus directory to avoid the error log by T-H-T. 2. Modify su file to not include pam_systemd in container image by openstack-container component. At first,
Sorry, I posted the unfinished description. At first, I'd like to hear T-H-T side's opinion
Hello Michele, Thank you for your work on this bugzilla. If I understand proposed patches correctly, upstream gerrit doesn't handle the message, 'su:pam_systemd(su:session): Failed to connect to system bus: No such file or directory'. If you have any room to take look into it, could you check it and proceed the work? Best Regards, Keigo Noha
That is not what I wrote in the upstream bug. I now updated it.
Hello Michele, Thank you for your work on this bugzilla. In upstream, the gerrit focuses on rabbitmq side. However, the same su error messages are shown in cron container or other su operation included container. Is it possible to make the modification for rabbitmq as default for all containers? Best Regards, Keigo Noha
(In reply to Keigo Noha from comment #10) > Hello Michele, > > Thank you for your work on this bugzilla. > > In upstream, the gerrit focuses on rabbitmq side. However, the same su error > messages are shown in cron container or other su operation included > container. > > Is it possible to make the modification for rabbitmq as default for all > containers? Hi Keigo, do you have some examples about this I can look at? I did a quick grep on my osp13 env and did not see anything relevant thanks, Michele
Hi Michele, Thank you for your update on this bugzilla. I checked my environment again and I found that rabbitmq container is the only affected contain by this issue. Initially, I thought crond was affected. However the crond's message was generated at host side, not in container side. I apologize to it. So, we need to fix this issue in rabbitmq side only. Best Regards, Keigo Noha
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0448