View Issue Details

ID: 0010990
Project: CentOS-7
Category: Cloud-Images
View Status: public
Last Update: 2017-05-26 00:52
Reporter: jhmartin
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: X86_64
OS: CentOS
OS Version: 7.2
Product Version: 7.2.1511
Target Version:
Fixed in Version:
Summary: 0010990: cloud-init chef module fails restoring SELinux labels

Description:
Cloud-init is failing to bootstrap chef when SELinux is enabled. It occurs when it attempts to relabel /var/lib/nfs/rpc_pipefs as part of creating /var/lib/chef and relabeling /var/lib. Libselinux-python is encountering:

/etc/selinux/targeted/contexts/files/file_contexts:
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>

which causes matchpathcon to return
  OSError: [Errno 2] No such file or directory
and causes cloud-init to abort the chef module.

The error is occurring before Chef is invoked. It fails during the directory-preparation step due to a directory that is specified in the selinux configuration as not having a default context. This bubbles up as a not-found error that is not handled by cc_chef.py.

Steps To Reproduce:
1. Provision a CentOS AMI that has SELinux in enforcing mode.
2. Launch the node with a userdata that invokes the chef handler. A working chef server is not required for the test.
3. While creating /var/lib/chef, /var/lib is recursively re-labeled for SELinux.
4. The process fails when it encounters /var/lib/nfs/rpc_pipefs and aborts chef installation.

Additional Information:
[CLOUDINIT] util.py[DEBUG]: Running chef (<module 'cloudinit.config.cc_chef' from '/usr/lib/python2.7/site-packages/cloudinit/config/cc_chef.py'>) failed
  Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/cloudinit/stages.py", line 658, in _run_modules
      cc.run(run_name, mod.handle, func_args, freq=freq)
    File "/usr/lib/python2.7/site-packages/cloudinit/cloud.py", line 63, in run
      return self._runners.run(name, functor, args, freq, clear_on_fail)
    File "/usr/lib/python2.7/site-packages/cloudinit/helpers.py", line 197, in run
      results = functor(*args)
    File "/usr/lib/python2.7/site-packages/cloudinit/config/cc_chef.py", line 54, in handle
      util.ensure_dir(d)
    File "/usr/lib/python2.7/site-packages/cloudinit/util.py", line 1291, in ensure_dir
      os.makedirs(path)
    File "/usr/lib/python2.7/site-packages/cloudinit/util.py", line 167, in __exit__
      self.selinux.restorecon(path, recursive=self.recursive)
    File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 95, in restorecon
      for fname in fnames]), None)
    File "/usr/lib64/python2.7/posixpath.py", line 246, in walk
      walk(name, func, arg)
    File "/usr/lib64/python2.7/posixpath.py", line 238, in walk
      func(arg, top, names)
    File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 95, in <lambda>
      for fname in fnames]), None)
    File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 85, in restorecon
      status, context = matchpathcon(path, mode)
  OSError: [Errno 2] No such file or directory

Relevant line in /etc/selinux/targeted/contexts/files/file_contexts:
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>

Tags: No tags attached.

Activities

swackhamer

2017-05-26 00:52

reporter   ~0029340

I worked around this bug by adding this to my cloud-config; not elegant but it works:

        bootcmd:
          # solves bug: https://bugs.centos.org/view.php?id=10990#bugnotes
          - mkdir -p /etc/chef
          - mkdir -p /var/log/chef
          - mkdir -p /var/lib/chef
          - mkdir -p /var/cache/chef
          - mkdir -p /var/backups/chef
          - mkdir -p /var/run/chef
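
The failure in this report, modelled as an added example (not cloud-init or libselinux code): a recursive relabel that treats the ENOENT raised for a `<<none>>` entry as "leave this path alone" instead of aborting. `model_matchpathcon`, `relabel_plan`, the policy excerpt and the path list are constructed stand-ins, and the "last matching line wins" precedence is a simplification.

```python
import errno
import re

# Constructed excerpt of file_contexts; the rpc_pipefs line is the one quoted in the report.
FILE_CONTEXTS = """\
/var/lib(/.*)?                  system_u:object_r:var_lib_t:s0
/var/lib/nfs/rpc_pipefs(/.*)?   <<none>>
"""

def load_specs(text):
    """Parse 'regex [type] context' lines into (compiled_regex, context) pairs."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        specs.append((re.compile(fields[0] + r"\Z"), fields[-1]))
    return specs

def model_matchpathcon(specs, path):
    """Hypothetical stand-in for selinux.matchpathcon. Simplified precedence:
    the last matching line wins. A <<none>> (or missing) match is reported
    as ENOENT, which is the OSError shown in the traceback."""
    context = None
    for regex, ctx in specs:
        if regex.match(path):
            context = ctx
    if context is None or context == "<<none>>":
        raise OSError(errno.ENOENT, "No such file or directory")
    return context

def relabel_plan(specs, paths):
    """Return (labels, skipped): contexts to apply, and paths left untouched
    because the policy assigns them no default context."""
    labels, skipped = {}, []
    for path in paths:
        try:
            labels[path] = model_matchpathcon(specs, path)
        except OSError as exc:
            if exc.errno != errno.ENOENT:
                raise  # any other lookup failure is still fatal
            skipped.append(path)
    return labels, skipped

# Constructed walk of /var/lib, as triggered while creating /var/lib/chef.
SAMPLE_PATHS = ["/var/lib", "/var/lib/chef", "/var/lib/nfs/rpc_pipefs",
                "/var/lib/nfs/rpc_pipefs/nfsd"]
```

Calling `relabel_plan(load_specs(FILE_CONTEXTS), SAMPLE_PATHS)` labels /var/lib and /var/lib/chef and reports both rpc_pipefs paths as skipped, so directory preparation can continue.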

Issue History

Date Modified Username Field Change
2016-06-09 14:01 jhmartin New Issue
2017-05-26 00:52 swackhamer Note Added: 0029340