[uyuni-users] Problem running remote commands with Centos 8
Hello, Spacewalk orphan looking for new home here. New Leap 15.2 and Uyuni 2020.07 install. On bootstrapping a Centos 8 client, I hit some snags initially, and needed to install salt-minion on the client, which in turn needed a new repo adding. yum install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm yum install salt-minion This installs salt-minion 3001-1.el8 plus dependencies. This allowed me to bootstrap through the Uyuni web interface and add the client successfully using the salt method. However, when running a remote command, such as "touch /tmp/i_exist.txt" (actual path doesn't matter), this fails with stderr: /bin/sh: /tmp/__salt.tmp.jir6xlhr.sh: Permission denied Googling tells me this is a salt error rather than a Uyuni one, but as Uyuni set up salt-minion I'm hoping to gain a solution here. Can anyone point me in the right direction please? Thanks
Please check that /tmp does not have the noexec mount option set.
Had that issue on specially secured images.
Robert
sent from my mobile device
-------- Originale Nachricht --------
Von: Simon Avery
If it has the noexec set, you could get around this by seeing the TMPDIR variable to another push within the systemctl service of salt-minion... Or, if this is possible (and have no problem with that) remove the noexec flag
Robert
sent from my mobile device
-------- Originale Nachricht --------
Von: Robert Paschedag
Thanks again to Robert for this pointer, that is indeed the exact cause. Disabling that allowed salt to work properly.
We have noexec enabled on /tmp for scap reasons - and I'm wondering if there is a way for Uyuni to specify another directory where Salt can do its thing rather than off /tmp?
Disabling noexec is not impossible, but if there's an alternative way it would be better for us.
Thanks
S
-----Original Message-----
From: Robert Paschedag
If it has the noexec set, you could get around this by seeing the TMPDIR variable to another push within the systemctl service of salt-minion...
sent from my mobile device
-------- Originale Nachricht --------
Von: Simon Avery
This has to be set on every minion. We solved it by providing a state, that implements this via a systemctl drop-in config
sent from my mobile device
-------- Originale Nachricht --------
Von: Robert Paschedag
Thanks Robert - the pointer towards the systemd unit was what I was needing, and it's working fine in /var/tmp now
Cheers
S
-----Original Message-----
From: Robert Paschedag
Hi Robert,
Ah - it is. Bingo. Thanks for the lead, I'll be testing that shortly.
S
-----Original Message-----
From: Robert Paschedag
Hi, What were your initial problems bootstrapping? Was https://www.uyuni-project.org/uyuni-docs/uyuni/client-configuration/clients-... for CentOS8 followed? Using salt 3001 from saltstack could work, but if there are problems we can't provide help (salt from the Uyuni CentOS8 client tools should be used as that's what is tested and it's the official salt for Uyuni). On martes, 4 de agosto de 2020 15:51:18 (CEST) Simon Avery wrote:
Hello, Spacewalk orphan looking for new home here.
New Leap 15.2 and Uyuni 2020.07 install.
On bootstrapping a Centos 8 client, I hit some snags initially, and needed to install salt-minion on the client, which in turn needed a new repo adding.
yum install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm yum install salt-minion
This installs salt-minion 3001-1.el8 plus dependencies.
This allowed me to bootstrap through the Uyuni web interface and add the client successfully using the salt method.
However, when running a remote command, such as "touch /tmp/i_exist.txt" (actual path doesn't matter), this fails with
stderr: /bin/sh: /tmp/__salt.tmp.jir6xlhr.sh: Permission denied
Googling tells me this is a salt error rather than a Uyuni one, but as Uyuni set up salt-minion I'm hoping to gain a solution here.
Can anyone point me in the right direction please?
Thanks
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com
Hi Julio,
No - I didn't follow that guide, but that looks very useful and I'm inclined to re-register my test machine after following that.
The problem I encountered was that the client did not have salt-minion installed, nor was it in the standard repos, but I've detailed that in my original post.
Thanks for the link, I'll be trying that.
S
-----Original Message-----
From: Julio González Gil
Hello, Spacewalk orphan looking for new home here.
New Leap 15.2 and Uyuni 2020.07 install.
On bootstrapping a Centos 8 client, I hit some snags initially, and needed to install salt-minion on the client, which in turn needed a new repo adding.
yum install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch. rpm yum install salt-minion
This installs salt-minion 3001-1.el8 plus dependencies.
This allowed me to bootstrap through the Uyuni web interface and add the client successfully using the salt method.
However, when running a remote command, such as "touch /tmp/i_exist.txt" (actual path doesn't matter), this fails with
stderr: /bin/sh: /tmp/__salt.tmp.jir6xlhr.sh: Permission denied
Googling tells me this is a salt error rather than a Uyuni one, but as Uyuni set up salt-minion I'm hoping to gain a solution here.
Can anyone point me in the right direction please?
Thanks
-- Julio González Gil Release Engineer, SUSE Manager and Uyuni jgonzalez@suse.com -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
participants (3)
-
Julio González Gil
-
Robert Paschedag
-
Simon Avery