Description of problem:
failed to run vdsm cp command because of incorrect wildcard in the /etc/sudoers.d/50_vdsm

Version-Release number of selected component (if applicable):
vdsm-4.9.6-44.2.el6_3.x86_64

How reproducible:
100%

Actual results:
MainThread::DEBUG::2013-01-23 16:08:54,273::multipath::108::Storage.Misc.excCmd::(setupMultipath) '/usr/bin/sudo -n /bin/cp /etc/multipath.conf /etc/multipath.conf.1' (cwd None)
MainThread::DEBUG::2013-01-23 16:08:54,281::multipath::108::Storage.Misc.excCmd::(setupMultipath) FAILED: <err> = 'sudo: sorry, a password is required to run sudo\n'; <rc> = 1
MainThread::DEBUG::2013-01-23 16:08:54,282::multipath::108::Storage.Misc.excCmd::(setupMultipath) '/usr/bin/sudo -n /usr/sbin/persist /etc/multipath.conf.1' (cwd None)
MainThread::DEBUG::2013-01-23 16:08:54,288::multipath::108::Storage.Misc.excCmd::(setupMultipath) FAILED: <err> = 'sudo: sorry, a password is required to run sudo\n'; <rc> = 1
MainThread::DEBUG::2013-01-23 16:08:54,298::multipath::118::Storage.Misc.excCmd::(setupMultipath) '/usr/bin/sudo -n /usr/sbin/persist /etc/multipath.conf' (cwd None)
MainThread::DEBUG::2013-01-23 16:08:54,304::multipath::118::Storage.Misc.excCmd::(setupMultipath) FAILED: <err> = 'sudo: sorry, a password is required to run sudo\n'; <rc> = 1
MainThread::DEBUG::2013-01-23 16:08:54,305::multipath::121::Storage.Misc.excCmd::(setupMultipath) '/usr/bin/sudo -n /sbin/multipath -F' (cwd None)
MainThread::DEBUG::2013-01-23 16:08:54,336::multipath::121::Storage.Misc.excCmd::(setupMultipath) FAILED: <err> = ''; <rc> = 1

Expected results:

Additional info:
/bin/cp * multipath.conf *, \
should be
/bin/cp *multipath.conf *, \

--- a/vdsm/sudoers.vdsm.in 2013-02-04 10:30:16.551216731 +0100 +++ b/vdsm/sudoers.vdsm.in 2013-02-04 10:30:25.434215066 +0100 
@@ -31,7 +31,7 @@ @PERSIST@ /var/log/vdsm/backup/*, \ @UNPERSIST@ multipath.conf, \ @UNPERSIST@ /var/log/vdsm/backup/*, \ - @CP@ * multipath.conf *, \ + @CP@ *multipath.conf *, \ @CP@ * /var/log/vdsm/backup/* *, \ @MULTIPATH@, \ @BLOCKDEV@ --getsize64 *, \
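Review bot: On the `+ @CP@ *multipath.conf *` line the leading `*` is not tied to a directory and the trailing ` *` leaves the destination open; sudoers compares the arguments as one string in which `*` also spans spaces and `/`, so the rule permits much more than the single copy vdsm performs. The log in the report shows only `/bin/cp /etc/multipath.conf /etc/multipath.conf.1`, so consider writing the source as the literal `/etc/multipath.conf` and constraining the destination to the rotated names instead of widening the wildcard. The hunk also leaves the `@UNPERSIST@ multipath.conf` context line (and the matching persist entry) with a relative name, although the same log shows `persist /etc/multipath.conf` being refused.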
--- a/vdsm/sudoers.vdsm.in 2013-02-04 10:32:56.958196462 +0100 +++ b/vdsm/sudoers.vdsm.in 2013-02-04 10:34:06.744183744 +0100 @@ -27,13 +27,13 @@ @CAT@ /etc/multipath.conf, \ @DD@ of=/sys/class/scsi_host/host*/scan, \ @DD@, \ - @PERSIST@ multipath.conf, \ + @PERSIST@ *multipath.conf, \ @PERSIST@ /var/log/vdsm/backup/*, \ - @UNPERSIST@ multipath.conf, \ + @UNPERSIST@ *multipath.conf, \ @UNPERSIST@ /var/log/vdsm/backup/*, \ - @CP@ * multipath.conf *, \ + @CP@ *multipath.conf *, \ @CP@ * /var/log/vdsm/backup/* *, \ - @MULTIPATH@, \ + @MULTIPATH@ *, \ @BLOCKDEV@ --getsize64 *, \ @SETSID@ @IONICE@ -c? -n? @SU@ vdsm -s /bin/sh -c /usr/libexec/vdsm/spmprotect.sh*, \ @SERVICE@ vdsmd *, \
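Review bot: The `- @MULTIPATH@, \` to `+ @MULTIPATH@ *, \` change near the end of the hunk does not belong with the path fix. A bare command entry in sudoers already permits any arguments, and in the reported log `/sbin/multipath -F` ends with `<err> = ''` and `<rc> = 1`, not with the "a password is required" error that the cp and persist calls received, so sudo did not refuse it. Drop that line from this patch or justify it separately in the commit message.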
Pavel, what is the base version of this diff? I do not see @CP@ * multipath.conf * in any recent vdsm version. Which version of sudo do you have installed? What is `rpm -V vdsm` ?
It was a patch for rhev-3.0; in rhev-3.1 the situation is similar:
Checked with commit bc8e315ba242de52edf27cfc9b5d6834747a9fa7
--- a/vdsm/sudoers.vdsm.in 2013-02-04 12:41:25.183928796 +0100 +++ b/vdsm/sudoers.vdsm.in 2013-02-04 12:42:23.746927174 +0100 @@ -33,13 +33,13 @@ @CAT_PATH@ /etc/multipath.conf, \ @DD_PATH@ of=/sys/class/scsi_host/host*/scan, \ @DD_PATH@, \ - @PERSIST_PATH@ multipath.conf, \ + @PERSIST_PATH@ */multipath.conf, \ @PERSIST_PATH@ /var/log/vdsm/backup/*, \ - @UNPERSIST_PATH@ multipath.conf, \ + @UNPERSIST_PATH@ */multipath.conf, \ @UNPERSIST_PATH@ /var/log/vdsm/backup/*, \ - @CP_PATH@ * multipath.conf *, \ + @CP_PATH@ *multipath.conf *, \ @CP_PATH@ * /var/log/vdsm/backup/* *, \ - @MULTIPATH_PATH@, \ + @MULTIPATH_PATH@ *, \ @BLOCKDEV_PATH@ --getsize64 *, \ @SETSID_PATH@ @IONICE_PATH@ -c? -n? @SU_PATH@ vdsm -s /bin/sh -c /usr/libexec/vdsm/spmprotect.sh*, \
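Review bot: The `+ @PERSIST_PATH@ */multipath.conf` and `+ @UNPERSIST_PATH@ */multipath.conf` patterns end at `multipath.conf`, so they still do not match the `/usr/sbin/persist /etc/multipath.conf.1` call shown in the report's log, and they use `*/` where the `+ @CP_PATH@ *multipath.conf *` line has no slash. Decide which rotated file names persist and unpersist must accept, list them explicitly, and use the same anchoring on all three entries, preferably the literal `/etc/multipath.conf` rather than a leading wildcard.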
Pavel, would you first suggest an upstream patch? It would be great if you explained how it has ever worked.
Please check: http://gerrit.ovirt.org/#/c/11687/
Sorry, commit message:

Change sudo wildcards to work with absolute paths

VDSM works with absolute paths of the multipath.conf file, but the wildcards in /etc/sudoers.d/50_vdsm don't allow it. The patch just modifies the wildcards to allow absolute paths like "/usr/bin/sudo -n /usr/sbin/persist /etc/multipath.conf" instead of "/usr/bin/sudo -n /usr/sbin/persist multipath.conf" and so on
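An added example (not part of the thread and not vdsm code) that replays the commands from the report's log against the argument patterns on the "-" and "+" lines of the diffs above. It assumes the @CP@, @PERSIST@ and @MULTIPATH@ macros expand to the paths seen in the log, that a bare command entry permits any arguments, and that Python's fnmatchcase is an adequate stand-in for sudo's wildcard matching of the argument string.

```python
from fnmatch import fnmatchcase

# Commands from the report's log: (command path, arguments joined by spaces).
LOGGED = [
    ("/bin/cp", "/etc/multipath.conf /etc/multipath.conf.1"),
    ("/usr/sbin/persist", "/etc/multipath.conf.1"),
    ("/usr/sbin/persist", "/etc/multipath.conf"),
    ("/sbin/multipath", "-F"),
]

BACKUP = "/var/log/vdsm/backup/*"


def ruleset(cp, persist, multipath):
    """Argument patterns per command; the macro-to-path mapping is assumed."""
    return {
        "/bin/cp": [cp, "* " + BACKUP + " *"],
        "/usr/sbin/persist": [persist, BACKUP],
        "/sbin/multipath": [multipath],  # None = bare entry, any arguments
    }


# Patterns copied from the "-" and "+" lines of the diffs in this thread.
RULESETS = {
    "original": ruleset("* multipath.conf *", "multipath.conf", None),
    "rhev-3.0 patch": ruleset("*multipath.conf *", "*multipath.conf", "*"),
    "rhev-3.1 patch": ruleset("*multipath.conf *", "*/multipath.conf", "*"),
}


def permitted(rules, command, args):
    """Model of sudoers matching: the whole argument string is compared with
    each pattern, and '*' also spans spaces and '/' (fnmatchcase stands in
    for sudo's own matcher, which is an assumption of this sketch)."""
    patterns = rules.get(command, [])
    return any(p is None or fnmatchcase(args, p) for p in patterns)


def denied(name):
    """Logged commands that no rule in the named rule set permits."""
    rules = RULESETS[name]
    return [f"{c} {a}" for c, a in LOGGED if not permitted(rules, c, a)]


if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name}: denied = {denied(name)}")
```

Under this model the original rules refuse the cp call and both persist calls, which lines up with the three password errors in the log, while `multipath -F` is permitted. Both patched rule sets still refuse `persist /etc/multipath.conf.1`.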
Pavel, can you please supply the exact reproduction scenario?
Error messages appear every time setupMultipath is called. I saw 3-4 systems affected. As a workaround we use "vdsm ALL=(ALL) NOPASSWD: ALL" and this rule fixed the issue.
Pavel, please help us understand how come the current code works for everybody but you.

Also,
(In reply to comment #2)
>
> Which version of sudo do you have installed?
Dan, the systems don't crash after the errors, but the errors are present and it's not normal behaviour, is it? Please try to run a command from #1 ('/usr/bin/sudo -n /bin/cp /etc/multipath.conf /etc/multipath.conf.1', for example) on any RHEV-H system as the vdsm user (enable the shell before). It will fail with an error. setupMultipath can't rotate or persist the file in the current realisation.
Hey Pavel, it is not normal behavior, as you said, and we want to fix it. I updated your patch here - http://gerrit.ovirt.org/#/c/12226/2. Please hit verify if it does fix the bug, and abandon your second patch http://gerrit.ovirt.org/#/c/11687/1
3.2 has been released