1639203 – pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su

Bug 1639203 - pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su

Summary: pam_systemd generates 'Failed to connect to system bus: No such file or direc...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	13.0 (Queens)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	z5
Target Release:	13.0 (Queens)
Assignee:	Michele Baldessari
QA Contact:	pkomarov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-15 09:43 UTC by Keigo Noha
Modified:	2019-12-29 18:45 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.0.7-27.el7ost puppet-tripleo-8.3.6-9.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, the rabbitmq pacemaker bundle logged excessively during normal operation. With this update, the rabbitmq bundle no longer logs excessively. In particular, the rabbitmq bundle does not log the harmless error `Failed to connect to system bus: No such file or directory`.
Clone Of:
Environment:
Last Closed:	2019-03-14 13:54:52 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1806451	None	None	None	2018-12-03 17:34:51 UTC
OpenStack gerrit	629199	None	MERGED	puppet_config for rabbitmq_bundle needs file_line	2021-01-08 05:33:26 UTC
OpenStack gerrit	629200	None	MERGED	Remove some of the excessive rabbitmq bundle logging	2021-01-08 05:34:06 UTC
Red Hat Bugzilla	1655655	high	CLOSED	ocf_log debug outputs the message when HA_debug is unset	2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution)	3664411	None	None	None	2018-10-24 07:13:44 UTC
Red Hat Product Errata	RHBA-2019:0448	None	None	None	2019-03-14 13:55:01 UTC

Internal Links: 1655655 1692890

Description Keigo Noha 2018-10-15 09:43:54 UTC

Description of problem:
pam_systemd generates 'Failed to connect to system bus: No such file or directory' in containers which run su

~~~
su:pam_systemd(su:session): Failed to connect to system bus: No such file or 
directory
~~~

This behavior causes too many logs into /var/log/secure of the nodes.
It makes /var/log/secure hard to read.

Version-Release number of selected component (if applicable):
Current RHOSP13.

How reproducible:
Always

Steps to Reproduce:
1. Deploy Overcloud in RHOSP13.
2. Check overcloud node's /var/log/secure.
3.

Actual results:
The process inside containers which run su command generates the pam_systemd error.

Expected results:
The error messages aren't written to /var/log/secure in overcloud nodes.

Additional info:
pam_systemd is optional in su file of PAM. It requires to communicate system bug(dbus). However container doesn't mount host's /var/run/dbus directory to it.
In container, as far as I check, we don't use systemctl command to launch services.
So, I think we have 2 options.
1. Mount /var/run/dbus directory to avoid the error log by T-H-T.
2. Modify su file to not include pam_systemd in container image by openstack-container component.


At first,

Comment 1 Keigo Noha 2018-10-15 09:44:37 UTC

Sorry, I posted the unfinished description. 
At first, I'd like to hear T-H-T side's opinion

Comment 8 Keigo Noha 2018-12-13 08:16:38 UTC

Hello Michele,

Thank you for your work on this bugzilla.
If I understand proposed patches correctly, upstream gerrit doesn't handle the message, 'su:pam_systemd(su:session): Failed to connect to system bus: No such file or directory'.
If you have any room to take look into it, could you check it and proceed the work?

Best Regards,
Keigo Noha

Comment 9 Michele Baldessari 2018-12-13 09:12:10 UTC

That is not what I wrote in the upstream bug. I now updated it.

Comment 10 Keigo Noha 2018-12-25 00:18:58 UTC

Hello Michele,

Thank you for your work on this bugzilla.

In upstream, the gerrit focuses on rabbitmq side. However, the same su error messages are shown in cron container or other su operation included container.

Is it possible to make the modification for rabbitmq as default for all containers?

Best Regards,
Keigo Noha

Comment 11 Michele Baldessari 2019-01-09 10:35:25 UTC

(In reply to Keigo Noha from comment #10)
> Hello Michele,
> 
> Thank you for your work on this bugzilla.
> 
> In upstream, the gerrit focuses on rabbitmq side. However, the same su error
> messages are shown in cron container or other su operation included
> container.
> 
> Is it possible to make the modification for rabbitmq as default for all
> containers?

Hi Keigo,

do you have some examples about this I can look at?
I did a quick grep on my osp13 env and did not see anything relevant

thanks,
Michele

Comment 12 Keigo Noha 2019-01-15 01:02:08 UTC

Hi Michele,

Thank you for your update on this bugzilla.
I checked my environment again and I found that rabbitmq container is the only affected contain by this issue.
Initially, I thought crond was affected. However the crond's message was generated at host side, not in container side.
I apologize to it. So, we need to  fix this issue in rabbitmq side only.

Best Regards,
Keigo Noha

Comment 33 errata-xmlrpc 2019-03-14 13:54:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0448

Note You need to log in before you can comment on or make changes to this bug.