2110003 – smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2110003 - smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8

Summary: smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth o...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Remote Execution
Sub Component:
Version:	6.11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	6.12.0
Assignee:	Adam Ruzicka
QA Contact:	Peter Ondrejka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-07-22 16:54 UTC by Paul Armstrong
Modified:	2022-11-16 13:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:	rubygem-smart_proxy_remote_execution_ssh-0.7.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-11-16 13:34:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	35230	Normal	Ready For Testing	Proxy-side implementation of cockpit integration spins too much	2022-07-25 07:45:18 UTC
Red Hat Issue Tracker	SAT-12948	None	None	None	2022-09-14 15:07:00 UTC
Red Hat Product Errata	RHSA-2022:8506	None	None	None	2022-11-16 13:35:05 UTC

Description Paul Armstrong 2022-07-22 16:54:19 UTC

Description of problem:
When the system is configured to use an IdM user for remote execution and you launch the web console (cockpit) for a system, you are properly logged in as the realm user (realm-capsule in my case), however, the smart-proxy process goes to 100% of a cpu.

Version-Release number of selected component (if applicable):
Satellite 6.11.0
RHEL 8.6
LEAPP in-place upgrade
System was configured for krb5 auth before upgrade

How reproducible:
Always

Steps to Reproduce:
1. See above. Configure system as per documentaiton for krb5 auth for RE
2. Ensure RE functions
3. Log in to remote system using Web Console button

Actual results:
Logged in appropriately
smart-proxy goes to 100% cpu

Expected results:
Logged in appropriately
smart-proxy normal cpu usage

Additional info:
My recommendation is that the default cockpit URL is:
https://{%host}:{%cockpit_port} - this requires the admin to log in with an appropriate username and password on the box. Better security. Compromise of the  Satellite login does not give access to Satellite managed systems.

Comment 1 Paul Armstrong 2022-07-22 17:06:59 UTC




Stopped foreman-proxy with systemctl --- restarting
2022-07-22T12:57:24  [D] 'pulpcore' settings: 'client_authentication': ["client_certificate"], 'content_app_url': https://sat6.parmstrong.ca/pulp/content, 'enabled': https, 'mirror': false (default), 'pulp_url': https://sat6.parmstrong.ca, 'rhsm_url': https://sat6.parmstrong.ca:443/rhsm
2022-07-22T12:57:24  [D] 'pulpcore' ports: 'http': false, 'https': true
2022-07-22T12:57:24  [D] 'discovery' settings: 'enabled': true, 'node_port': 8443 (default), 'node_scheme': https (default)
2022-07-22T12:57:24  [D] 'discovery' ports: 'http': true, 'https': true
2022-07-22T12:57:24  [D] 'dynflow' settings: 'console_auth': true (default), 'core_url': https://sat6.parmstrong.ca:8008, 'database': , 'enabled': https, 'execution_plan_cleaner_age': 1800 (default), 'external_core': false
2022-07-22T12:57:24  [D] 'dynflow' ports: 'http': false, 'https': true
2022-07-22T12:57:24  [D] 'openscap' settings: 'contentdir': /var/lib/foreman-proxy/openscap/content, 'corrupted_dir': /var/lib/foreman-proxy/openscap/corrupted, 'enabled': https, 'failed_dir': /var/lib/foreman-proxy/openscap/failed, 'openscap_send_log_file': /var/log/foreman-proxy/openscap-send.log, 'oval_content_dir': /usr/share/foreman-proxy/lib/../openscap/oval_content (default), 'registered_proxy_name': sat6.parmstrong.ca, 'registered_proxy_url': https://sat6.parmstrong.ca:9090, 'reportsdir': /var/lib/foreman-proxy/openscap/reports, 'spooldir': /var/spool/foreman-proxy/openscap (default), 'tailoring_dir': /usr/share/foreman-proxy/lib/../openscap/tailoring (default), 'timeout': 60
2022-07-22T12:57:24  [D] 'openscap' ports: 'http': false, 'https': true
2022-07-22T12:57:24  [D] 'ssh' settings: 'async_ssh': false, 'cleanup_working_dirs': true (default), 'enabled': https, 'kerberos_auth': true, 'local_working_dir': /var/tmp (default), 'mode': ssh (default), 'remote_working_dir': /var/tmp (default), 'ssh_identity_key_file': /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy, 'ssh_log_level': error (default), 'ssh_user': root (default)
2022-07-22T12:57:24  [D] 'ssh' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] 'ansible' settings: 'ansible_dir': /usr/share/foreman-proxy (default), 'enabled': https, 'working_dir': /tmp
2022-07-22T12:57:25  [D] 'ansible' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] 'dns' settings: 'dns_ttl': 86400 (default), 'enabled': https, 'use_provider': dns_nsupdate_gss
2022-07-22T12:57:25  [D] 'dns' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] 'templates' settings: 'enabled': true, 'template_url': http://sat6.parmstrong.ca:8000
2022-07-22T12:57:25  [D] 'templates' ports: 'http': true, 'https': true
2022-07-22T12:57:25  [D] 'tftp' settings: 'enabled': https, 'tftp_connect_timeout': 10 (default), 'tftp_servername': sat6.parmstrong.ca, 'tftproot': /var/lib/tftpboot (default), 'verify_server_cert': true (default)
2022-07-22T12:57:25  [D] 'tftp' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] 'realm' settings: 'enabled': https, 'use_provider': realm_freeipa (default)
2022-07-22T12:57:25  [D] 'realm' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] 'logs' settings: 'enabled': https
2022-07-22T12:57:25  [D] 'logs' ports: 'http': false, 'https': true
2022-07-22T12:57:25  [D] Providers ['dns_nsupdate_gss'] are going to be configured for 'dns'
2022-07-22T12:57:25  [D] Providers ['realm_freeipa'] are going to be configured for 'realm'
2022-07-22T12:57:25  [D] 'dns_nsupdate_gss' settings: 'dns_server': idm10.parmstrong.ca, 'dns_tsig_keytab': /etc/foreman-proxy/freeipa.keytab, 'dns_tsig_principal': realm-capsule, 'dns_ttl': 86400, 'use_provider': dns_nsupdate_gss
2022-07-22T12:57:25  [D] 'realm_freeipa' settings: 'ipa_config': /etc/ipa/default.conf (default), 'keytab_path': /etc/foreman-proxy/freeipa.keytab, 'principal': realm-capsule, 'remove_dns': true (default), 'use_provider': realm_freeipa, 'verify_ca': true (default)
2022-07-22T12:57:25  [I] Successfully initialized 'pulpcore'
2022-07-22T12:57:25  [I] Successfully initialized 'discovery'
2022-07-22T12:57:25  [W] Could not open DB for dynflow at '', will keep data in memory. Restart will drop all dynflow data.
2022-07-22T12:57:25  [I] Execution plan cleaner removing 0 execution plans.
2022-07-22T12:57:25  [I] Successfully initialized 'dynflow'
2022-07-22T12:57:25  [I] Successfully initialized 'openscap'
2022-07-22T12:57:25  [I] Successfully initialized 'ssh'
2022-07-22T12:57:25  [I] Successfully initialized 'ansible'
2022-07-22T12:57:25  [I] Successfully initialized 'foreman_proxy'
2022-07-22T12:57:25  [I] Successfully initialized 'dns_nsupdate_gss'
2022-07-22T12:57:25  [I] Successfully initialized 'dns'
2022-07-22T12:57:25  [I] Successfully initialized 'templates'
2022-07-22T12:57:25  [I] Successfully initialized 'tftp'
2022-07-22T12:57:25  [I] Successfully initialized 'realm_freeipa'
2022-07-22T12:57:25  [I] Successfully initialized 'realm'
2022-07-22T12:57:25  [D] Log buffer API initialized, available capacity: 2000/1000
2022-07-22T12:57:25  [I] Successfully initialized 'logs'
2022-07-22T12:57:25  [I] WEBrick 1.6.1
2022-07-22T12:57:25  [I] ruby 2.7.4 (2021-07-07) [x86_64-linux]
2022-07-22T12:57:25  [I] 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 268369922 (0xfff0002)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=PARMSTRONG.CA, CN=Certificate Authority
        Validity
            Not Before: Apr 20 20:40:50 2021 GMT
            Not After : Apr 21 20:40:50 2023 GMT
        Subject: O=PARMSTRONG.CA, CN=sat6.parmstrong.ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:bb:e5:9f:f5:d2:09:29:ec:fb:8b:7a:6a:30:45:
                    c1:a6:c4:fd:b2:df:4a:1e:3a:ca:80:ff:c0:ce:25:
                    e7:eb:81:f0:b1:2f:4e:38:8c:cd:c1:e0:e4:2f:58:
                    90:aa:0b:ac:cb:28:6d:c8:db:6f:de:b9:8d:a1:7c:
                    5a:fe:91:e4:76:9e:ab:67:7d:ad:9d:90:ab:46:5d:
                    5b:0e:91:48:86:e3:ba:5c:c3:58:74:73:d2:85:ee:
                    ae:85:c2:b0:d3:fb:86:5d:ae:cc:7e:cf:64:30:9b:
                    d1:e0:6d:f8:79:43:69:76:84:07:11:7f:2e:58:2c:
                    88:58:49:10:4b:08:60:ba:c6:e1:05:d5:0a:ff:20:
                    d9:78:73:d2:79:eb:d4:70:44:fe:77:0b:20:32:5f:
                    a0:47:b7:d5:5d:38:70:4d:46:d5:96:0c:07:f9:35:
                    44:df:b8:1b:9d:e2:cf:c9:cf:c4:78:f3:f1:c7:d4:
                    a3:22:a6:88:de:ed:b7:f2:1b:82:7c:cd:17:7e:98:
                    8a:1d:3b:1b:56:99:20:1e:d2:e7:13:60:a5:5d:16:
                    3d:e9:e9:35:78:ad:54:69:1e:d2:2b:60:0b:63:4a:
                    c0:2d:02:05:ed:6a:ae:9b:ca:b3:da:38:e8:ea:45:
                    c4:d4:b3:4a:33:a7:e4:72:e9:8e:0f:d2:61:f0:75:
                    3c:18:06:60:b5:3b:8b:bf:d5:d6:30:bd:8b:1f:0a:
                    a8:70:5b:55:04:51:ff:14:31:7a:b9:f4:9b:54:0a:
                    54:f4:9d:29:01:44:b1:42:32:6c:5c:da:5a:92:81:
                    2b:d2:9f:91:d9:8f:7e:fb:dc:a3:0b:a6:27:01:61:
                    32:dd:e8:a0:e4:8a:d5:11:f2:fd:e0:93:46:1d:ed:
                    7e:b1:0a:bd:0a:70:ef:85:59:4f:a4:7e:2a:e8:d8:
                    a5:7d:ca:e7:87:b3:c7:c0:de:7f:31:50:59:36:99:
                    28:0a:94:e5:d0:f6:27:3b:7c:1b:b3:ba:77:c2:40:
                    60:54:4e:8a:bf:03:43:bf:79:55:9d:2c:e8:00:bf:
                    c6:a9:5e:88:01:d7:7b:17:23:c7:51:05:33:63:7c:
                    74:28:46:1d:42:ef:c2:78:5a:b3:2f:ac:d1:ff:7c:
                    16:05:69:db:c0:f7:47:e4:a0:1d:7a:bf:5c:26:4d:
                    2d:6d:d1:dc:77:4b:db:9d:da:77:51:72:30:57:65:
                    dd:5b:8a:c0:39:6d:29:1f:07:a0:50:7c:e0:01:b6:
                    da:9d:a8:1b:38:34:68:4d:a6:7c:de:dc:32:29:92:
                    4e:8e:04:b3:ed:56:ed:bf:18:44:30:f9:72:b9:91:
                    d4:44:60:54:a1:ea:dd:2b:14:1a:29:93:34:c0:1a:
                    7c:da:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:E2:ED:9F:03:32:E7:50:71:08:4E:10:18:26:D2:47:1C:6A:A6:46:F7

            Authority Information Access: 
                OCSP - URI:http://ipa-ca.parmstrong.ca/ca/ocsp

            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://ipa-ca.parmstrong.ca/ipa/crl/MasterCRL.bin
                CRL Issuer:
                  DirName:O = ipaca, CN = Certificate Authority

            X509v3 Subject Key Identifier: 
                74:67:DE:FC:83:1D:A7:4B:54:B0:9A:D7:C6:E5:22:81:74:C8:25:33
            X509v3 Subject Alternative Name: 
                DNS:sat6.parmstrong.ca
    Signature Algorithm: sha256WithRSAEncryption
         a5:22:bb:79:bd:c4:0a:62:cc:c2:b0:1e:2b:a3:12:02:dc:7a:
         b0:0f:ab:f9:a5:d7:e0:c2:a0:f0:c3:cb:89:f1:24:9f:6f:aa:
         9a:2e:04:f7:6a:ba:dd:d8:e7:0d:f8:69:cc:ec:90:88:90:9f:
         15:a1:f6:eb:9a:71:7f:45:a5:b5:95:78:86:69:05:bb:b3:5c:
         5c:1b:aa:f6:c0:2f:65:cf:8b:5c:b0:36:69:ac:4b:e4:1b:f0:
         d3:42:63:d6:5f:53:ed:4b:ed:37:3f:c8:f2:01:e6:54:3d:d3:
         69:b0:1e:24:de:9a:ed:93:79:0e:43:d8:01:f6:a9:0f:a3:78:
         0a:92:c2:93:c7:0c:9d:ec:87:11:58:3c:cf:40:0d:de:a8:10:
         78:b7:e8:ee:63:42:1a:40:49:b9:66:b9:cb:72:39:01:56:3b:
         98:e4:58:86:bb:61:85:c7:6e:cb:9a:93:96:87:1a:9b:93:25:
         d9:5d:e1:45:6e:fb:a7:fb:ba:c0:a5:99:2c:6f:11:bd:5b:da:
         03:e9:2f:e7:8b:d7:0d:4d:79:87:44:01:31:b5:d8:00:8f:34:
         4e:81:74:cc:2e:6c:c4:42:ca:1a:4d:32:27:33:eb:88:45:ef:
         82:c9:68:e0:ba:61:36:ac:ee:0b:64:66:80:ac:c2:7e:10:d3:
         75:de:3b:e9:fd:3a:b3:f1:9b:5b:15:67:5d:09:9b:e7:a3:37:
         83:eb:11:36:62:45:c2:88:0c:1f:23:25:42:20:bf:e8:b4:50:
         55:2d:60:ab:9e:d0:4c:38:6c:38:07:66:48:dd:51:b9:5e:5f:
         9b:67:84:75:81:e9:27:7c:10:09:77:ec:cc:4b:07:f2:97:19:
         66:c8:d9:25:58:79:35:42:13:40:ec:f7:0e:68:9c:a7:6b:78:
         6e:98:de:07:6b:ca:b6:34:25:35:5d:28:b8:05:10:e6:8f:37:
         84:49:5e:64:40:33:3f:fc:2e:d0:ae:41:e3:21:4c:b8:d6:f4:
         c3:13:86:a5:40:80

2022-07-22T12:57:25  [D] Rack::Handler::WEBrick is mounted on /.
2022-07-22T12:57:25  [I] WEBrick::HTTPServer#start: pid=48508 port=9090
2022-07-22T12:57:25  [I] Smart proxy has launched on 2 socket(s), waiting for requests
2022-07-22T12:57:40  [D] Executor heartbeat
2022-07-22T12:57:55  [D] Executor heartbeat
2022-07-22T12:58:10  [D] Executor heartbeat
2022-07-22T12:58:25  [D] Executor heartbeat
2022-07-22T12:58:40  [D] Executor heartbeat
2022-07-22T12:58:55  [D] Executor heartbeat

Heartbeat and nothing else

2022-07-22T12:59:10  [D] Executor heartbeat
2022-07-22T12:59:25  [D] Executor heartbeat

Launching console

2022-07-22T12:59:40  [D] Executor heartbeat
2022-07-22T12:59:55  [D] Executor heartbeat
2022-07-22T13:00:10  [D] Executor heartbeat
2022-07-22T13:00:25  [D] Executor heartbeat
2022-07-22T13:00:40  [D] Executor heartbeat
2022-07-22T13:00:51  [D] accept: 192.168.252.12:37490
2022-07-22T13:00:51  [D] Rack::Handler::WEBrick is invoked.
2022-07-22T13:00:51 cf49a69f [I] Started GET /dynflow/tasks/count state=running
2022-07-22T13:00:51 cf49a69f [D] verifying remote client 192.168.252.12 against trusted_hosts ["sat6.parmstrong.ca"]
2022-07-22T13:00:51 cf49a69f [I] Finished GET /dynflow/tasks/count with 200 (4.96 ms)
2022-07-22T13:00:51  [D] close: 192.168.252.12:37490
2022-07-22T13:00:51  [D] accept: 192.168.252.12:37492
2022-07-22T13:00:51  [D] Rack::Handler::WEBrick is invoked.
2022-07-22T13:00:51 462ae60a [I] Started POST /ssh/session 
2022-07-22T13:00:51 462ae60a [D] verifying remote client 192.168.252.12 against trusted_hosts ["sat6.parmstrong.ca"]
2022-07-22T13:00:55  [D] Executor heartbeat
2022-07-22T13:01:10  [D] Executor heartbeat
2022-07-22T13:01:25  [D] Executor heartbeat

Debug logging is on
nothing...\
CPU 100%

2022-07-22T13:01:40  [D] Executor heartbeat
2022-07-22T13:01:55  [D] Executor heartbeat
2022-07-22T13:02:10  [D] Executor heartbeat
2022-07-22T13:02:25  [D] Executor heartbeat
2022-07-22T13:02:40  [D] Executor heartbeat
2022-07-22T13:02:55  [D] Executor heartbeat
2022-07-22T13:03:10  [D] Executor heartbeat

still nothing

2022-07-22T13:03:25  [D] Executor heartbeat
2022-07-22T13:03:40  [D] Executor heartbeat
2022-07-22T13:03:55  [D] Executor heartbeat

stopping foreman-proxy with systemctl

2022-07-22T13:04:00  [I] start terminating delayed_executor...
2022-07-22T13:04:00  [I] start terminating throttle_limiter...
2022-07-22T13:04:00  [I] start terminating executor...
2022-07-22T13:04:00 462ae60a [I] Finished POST /ssh/session with 101 (189028.63 ms)
2022-07-22T13:04:00  [D] close: 192.168.252.12:37492
2022-07-22T13:04:00  [I] shutting down Core ...
2022-07-22T13:04:00  [I] ... Dynflow core terminated.
2022-07-22T13:04:00  [I] start terminating executor dispatcher...
2022-07-22T13:04:00  [I] start terminating client dispatcher...
2022-07-22T13:04:00  [I] stop listening for new events...
2022-07-22T13:04:00  [I] start terminating clock...
2022-07-22T13:04:00  [D] close TCPSocket(0.0.0.0, 9090)
2022-07-22T13:04:00  [D] close TCPSocket(::, 9090)
2022-07-22T13:04:00  [I] going to shutdown ...
2022-07-22T13:04:00  [I] WEBrick::HTTPServer#start done.

Comment 2 Paul Armstrong 2022-07-22 17:07:45 UTC

root@sat6 settings.d]# ps -ef | grep smart-proxy
foreman+   48508       1 28 12:57 ?        00:01:22 /usr/bin/ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize
root       48687    2275  0 13:02 pts/0    00:00:00 grep --color=auto smart-proxy
[root@sat6 settings.d]# ps -ef | grep proxy
root        1485       1  0 01:18 ?        00:00:00 /usr/sbin/gssproxy -D
root       48461   45180  0 12:55 pts/3    00:00:00 tail -f proxy.log
foreman+   48508       1 30 12:57 ?        00:01:29 /usr/bin/ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize
foreman+   48654   48508  0 13:00 ?        00:00:00 /usr/bin/sshpass -e /usr/bin/ssh testdeploy-sat-on-8.parmstrong.ca -o User=realm-capsule -o Port=22 -o IdentityFile=/var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o PreferredAuthentications=password,publickey,gssapi-with-mic -o NumberOfPasswordPrompts=1 -o LogLevel=error -o ControlMaster=auto -o ControlPath=/var/tmp/foreman-proxy/foreman-ssh-cmd-2f5f57ee-5de3-4dc2-b8e0-5830e2466b4a/socket -o ControlPersist=yes cockpit-bridge
foreman+   48655   48654  0 13:00 pts/2    00:00:00 /usr/bin/ssh testdeploy-sat-on-8.parmstrong.ca -o User=realm-capsule -o Port=22 -o IdentityFile=/var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o PreferredAuthentications=password,publickey,gssapi-with-mic -o NumberOfPasswordPrompts=1 -o LogLevel=error -o ControlMaster=auto -o ControlPath=/var/tmp/foreman-proxy/foreman-ssh-cmd-2f5f57ee-5de3-4dc2-b8e0-5830e2466b4a/socket -o ControlPersist=yes cockpit-bridge
foreman+   48659       1  0 13:00 ?        00:00:00 ssh: /var/tmp/foreman-proxy/foreman-ssh-cmd-2f5f57ee-5de3-4dc2-b8e0-5830e2466b4a/socket [mux]
root       48692    2275  0 13:02 pts/0    00:00:00 grep --color=auto proxy
[root@sat6 settings.d]# systemctl stop foreman-proxy

Comment 3 Paul Armstrong 2022-07-22 17:08:29 UTC

top - 13:03:22 up 11:45,  3 users,  load average: 0.97, 0.50, 0.39
Tasks: 333 total,   1 running, 332 sleeping,   0 stopped,   0 zombie
%Cpu(s): 23.2 us,  2.3 sy,  0.0 ni, 74.3 id,  0.1 wa,  0.1 hi,  0.1 si,  0.0 st
MiB Mem :  31731.5 total,  11462.5 free,   8379.6 used,  11889.4 buff/cache
MiB Swap:  16380.0 total,  16327.2 free,     52.8 used.  22717.5 avail Mem 

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                                                                                                                     
  48508 foreman+  20   0  567420  88628  12920 S 100.0   0.3   2:32.04 smart-proxy                                                                                                                                 
  47231 tomcat    20   0 8415720   1.1g  46800 S   0.7   3.5   1:22.03 java                                                                                                                                        
  47191 postgres  20   0  352136   4940   3072 S   0.3   0.0   0:00.52 postmaster                                                                                                                                  
  47206 pulp      20   0  866148 127408  26436 S   0.3   0.4   0:06.36 gunicorn                                                                                                                                    
  47208 pulp      20   0  866140 127416  26436 S   0.3   0.4   0:06.47 gunicorn                                                                                                                                    
  47212 pulp      20   0  866140 127260  26436 S   0.3   0.4   0:06.31 gunicorn                                                                                                                                    
  48136 root      20   0  275496   5504   4452 R   0.3   0.0   0:03.74 top                                                                                                                                         
      1 root      20   0  390536  14516   8436 S   0.0   0.0   0:10.18 systemd                                                                                                                                     
      2 root      20   0       0      0      0 S   0.0   0.0   0:00.04 kthreadd                                                                                                                                    
      3 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_gp                                                                                                                                      
      4 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 rcu_par_gp                                                                                                                                  
      6 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 kworker/0:0H-events_highpri                                                                                                                 
      9 root       0 -20       0      0      0 I   0.0   0.0   0:00.00 mm_percpu_wq                                                                                                                                
     10 root      20   0       0      0      0 S   0.0   0.0   0:00.00 rcu_tasks_rude_                                                                                                                             
     11 root      20   0       0      0      0 S   0.0   0.0   0:00.00 rcu_tasks_trace

Comment 4 Adam Ruzicka 2022-07-25 07:45:18 UTC

Connecting to an upstream issue

Just to clarify, from what I've seen the "with krb5 auth on RHEL8" is irrelevant. It happens all the time and everywhere, no matter the os or configuration.

Comment 5 Bryan Kearney 2022-08-01 16:05:19 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35230 has been resolved.

Comment 7 Adam Ruzicka 2022-09-14 15:11:47 UTC

There were actually two issues fixed in a single PR (see separate commits). The first one (the one that is not included in downstream) was to make the cockpit integration work with the changes that landed in master, but are not yet present in the version we ship in downstream. If you see all the changes from the second commit[1], then all should be good. I just checked the rpm itself and the changes from the second commit seem to be there.

[1] - https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/88/commits/b1289c99131f12cb02f1a55d89a80f6f5c50afd5

Comment 8 Adam Ruzicka 2022-09-15 09:47:04 UTC

I just checked this on a fresh 6.12 snap 11 box and it looks like the necessary changes have landed, the smart-proxy process is not longer consuming 100% cpu, in fact it seems to be mostly idle. Moving back to ON_QA

Comment 9 Peter Ondrejka 2022-09-19 13:01:50 UTC

(In reply to Adam Ruzicka from comment #7)
> There were actually two issues fixed in a single PR (see separate commits).
> The first one (the one that is not included in downstream) was to make the
> cockpit integration work with the changes that landed in master, but are not
> yet present in the version we ship in downstream. If you see all the changes
> from the second commit[1], then all should be good. I just checked the rpm
> itself and the changes from the second commit seem to be there.
> 
> [1] -
> https://github.com/theforeman/smart_proxy_remote_execution_ssh/pull/88/
> commits/b1289c99131f12cb02f1a55d89a80f6f5c50afd5

Ah, that explains it

Comment 10 Peter Ondrejka 2022-09-19 13:04:05 UTC

Verified on Sat 6.12 snap 11, no trace of increased smart-proxy cpu consumption

Comment 14 errata-xmlrpc 2022-11-16 13:34:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8506

Note You need to log in before you can comment on or make changes to this bug.