Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-11000

Race condition with agent_disabled_lockfile

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.22.0, PUP 7.6.0
    • Component/s: None
    • Labels:
    • Template:
      PUP Bug Template
    • Agent OS:
      CentOS 7
    • Master OS:
      CentOS 7
    • Method Found:
      Inspection
    • Community Contributors:
      gcampbell12
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Fixes a race condition that could cause an agent to become disabled and no longer enforce desired state.

      This was a community contribution from https://github.com/gcampbell12
      Show
      Fixes a race condition that could cause an agent to become disabled and no longer enforce desired state. This was a community contribution from https://github.com/gcampbell12
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: Affects all versions
      Puppet Server Version:
      OS Name/Version: CentOS 7

      This is essentially the same issue as seen in a an old PR which was lost over the years - https://github.com/puppetlabs/puppet/pull/1158 where rapid or parallel puppet runs can cause an already existing agent_disabled_lockfile to get truncated 

      Desired Behavior:

      I do not believe puppet actually needs to be creating a resource for this file, the agent_catalog_run_lockfile has a setting type of string for this reason (https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L1669) I'd like to apply the same setting type to agent_disabled_lockfile

      Actual Behavior:

      Examples:
      puppet agent --test --trace --debug --logdest /root/puppet-debug.log

      Lockfile being created (grep agent_disabled puppet-debug.log):

      Note: File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/ensure (debug): created

      2021-03-31 10:49:33 +0000 Puppet (debug): Using settings: adding file resource 'agent_disabled_lockfile': 'File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]{:path=>"/opt/puppetlabs/puppet/cache/state/agent_disabled.lock", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/seluser (debug): Found seluser default 'system_u' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/selrole (debug): Found selrole default 'object_r' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/seltype (debug): Found seltype default 'usr_t' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/selrange (debug): Found selrange default 's0' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock] (debug): Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache/state]
      2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/ensure (debug): created
      

       Strace from guilty puppet agent --test

      428070 10:49:34.313537 open("/opt/puppetlabs/puppet/cache/state/agent_disabled.lock", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 18</opt/puppetlabs/puppet/cache/state/agent_disabled.lock> <0.000076>
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            gcampbell George Campbell
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support