Uploaded image for project: 'Facter'
  1. Facter
  2. FACT-211

Facter 1.7.x crashes on CentOS 6.x VMs with an illegal instruction while looking up sshfp

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:

      Description

      Support for ssh fingerprints (as merged in https://github.com/puppetlabs/facter/pull/162) breaks facter while running on CentOS 6.x on a VM due to a bug with ruby 1.8.7, which is what CentOS 6 provides.

       
          [acompton@] /usr/lib/ruby/site_ruby/1.8/facter >> facter --debug
          Relative directory ./facter removed from search path.
          value for lsbdistid is still nil
          value for ipaddress6_lo is still nil
          ruby-augeas not available
          value for augeasversion is still nil
          value for sshecdsakey is still nil
          value for sshfp_ecdsa is still nil
          Found no suitable resolves of 1 for selinux_policyversion
          value for selinux_policyversion is still nil
          value for lsbdistdescription is still nil
          Found no suitable resolves of 1 for xendomains
          value for xendomains is still nil
          value for lsbrelease is still nil
          Found no suitable resolves of 1 for selinux_mode
          value for selinux_mode is still nil
          Found no suitable resolves of 1 for zonename
          value for zonename is still nil
          value for ipaddress6_eth0 is still nil
          value for cfkey is still nil
          value for lsbdistid is still nil
          value for zpool_version is still nil
          value for macaddress_lo is still nil
          Illegal instruction
          [acompton@] /usr/lib/ruby/site_ruby/1.8/facter >> strace -f -- facter 2>&1 | grep -v SIG_ | tail
          stat("/usr/lib64/site_ruby/1.8/x86_64-linux/digest.rb", 0x7fff6c9843d0) = -1 ENOENT (No such file or directory)
          stat("/usr/lib64/site_ruby/1.8/x86_64-linux/digest.so", 0x7fff6c9843d0) = -1 ENOENT (No such file or directory)
          stat("/usr/lib64/site_ruby/digest.rb", 0x7fff6c9843d0) = -1 ENOENT (No such file or directory)
          stat("/usr/lib64/site_ruby/digest.so", 0x7fff6c9843d0) = -1 ENOENT (No such file or directory)
          stat("/usr/lib/ruby/1.8/digest.rb", {st_mode=S_IFREG|0644, st_size=1145, ...}) = 0
          open("/usr/lib/ruby/1.8/digest.rb", O_RDONLY) = 3
          fstat(3, {st_mode=S_IFREG|0644, st_size=1145, ...}) = 0
          close(3)                                = 0
          --- SIGILL (Illegal instruction) @ 0 (0) ---
          +++ killed by SIGILL +++
          (...comment out sshfp support...)
          [acompton@] /usr/lib/ruby/site_ruby/1.8/facter >> cat ssh.rb
          # Fact: ssh
          #
          # Purpose:
          #
          # Resolution:
          #
          # Caveats:
          #
          
          ## ssh.rb
          ## Facts related to SSH
          ##
          
          {"SSHDSAKey" => { :file => "ssh_host_dsa_key.pub", :sshfprrtype => 2 } , "SSHRSAKey" => { :file => "ssh_host_rsa_key.pub", :sshfprrtype => 1 }, "SSHECDSAKey" => { :file => "ssh_host_ecdsa_key.pub", :sshfprrtype => 3 } }.each do |name,key|
          
            Facter.add(name) do
              setcode do
                value = nil
          
                [ "/etc/ssh",
                  "/usr/local/etc/ssh",
                  "/etc",
                  "/usr/local/etc",
                  "/etc/opt/ssh",
                ].each do |dir|
          
                  filepath = File.join(dir,key[:file])
          
                  if FileTest.file?(filepath)
                    begin
                      value = File.read(filepath).chomp.split(/\s+/)[1]
                      break
                    rescue
                      value = nil
                    end
                  end
                end
          
                value
              end
            end
          
            # Facter.add('SSHFP_' + name[3..-4]) do
            #   setcode do
            #     ssh = Facter.fact(name).value
            #     value = nil
          
            #     if ssh && key[:sshfprrtype]
            #       begin
            #         require 'digest/sha1'
            #         require 'base64'
            #         digest = Base64.decode64(ssh)
            #         value = 'SSHFP ' + key[:sshfprrtype].to_s + ' 1 ' + Digest::SHA1.hexdigest(digest)
            #         begin
            #           require 'digest/sha2'
            #           value += "\nSSHFP " + key[:sshfprrtype].to_s + ' 2 ' + Digest::SHA256.hexdigest(digest)
            #         rescue
            #         end
            #       rescue
            #         value = nil
            #       end
            #     end
          
            #     value
            #   end
          
            # end
          
          end
          [acompton@] /usr/lib/ruby/site_ruby/1.8/facter >> facter | head -n 5
          architecture => x86_64
          bios_release_date => 01/01/2007
          bios_vendor => Bochs
          bios_version => Bochs
          blockdevice_vda_size => 42949672960
      
      

      I'm running the latest version of ruby available:

       
          [acompton@] /usr/lib/ruby/site_ruby/1.8/facter >> rpm -qa | grep ruby | sort
          ruby-1.8.7.352-12.el6_4.x86_64
          ruby-libs-1.8.7.352-12.el6_4.x86_64
      
      

      although this happens with every version I can find for CentOS 6.

      This does not happen (i.e., facter works fine) on physical machines with the same configuration.

      This problem is trivially demonstrated with this short example program (from https://groups.google.com/forum/#!topic/comp.lang.ruby/iFm1r1tvuC8):

          [acompton@] ~ >> cat 1.rb
          #!/usr/bin/ruby
          #
          require 'digest/sha1'
          require 'base64'
          require 'digest/sha2'
          puts Digest::SHA256.hexdigest("123")
          [acompton@] ~ >> ruby 1.rb
          Illegal instruction
          
      

      I'm not actually sure what you guys should do about this, since it's obviously a ruby bug, but perhaps you could constrain the sshfp check to only run on real hardware so facter can still function in this case?

      Thanks,
      Adam

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                Unassigned
                Reporter:
                redmine.exporter redmine.exporter
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: