[PUP-11000] Race condition with agent_disabled_lockfile - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.22.0, PUP 7.6.0
Component/s: None
Labels:
- doc_reviewed

Master OS:
CentOS 7
Method Found:
Inspection
Community Contributors:
gcampbell12

Release Notes:
Bug Fix
Release Notes Summary:

Hide
Fixes a race condition that could cause an agent to become disabled and no longer enforce desired state.

This was a community contribution from https://github.com/gcampbell12

Show
Fixes a race condition that could cause an agent to become disabled and no longer enforce desired state. This was a community contribution from https://github.com/gcampbell12

QA Risk Assessment:
Needs Assessment

Description

Puppet Version: Affects all versions
Puppet Server Version:
OS Name/Version: CentOS 7

This is essentially the same issue as seen in a an old PR which was lost over the years - https://github.com/puppetlabs/puppet/pull/1158 where rapid or parallel puppet runs can cause an already existing agent_disabled_lockfile to get truncated

Desired Behavior:

I do not believe puppet actually needs to be creating a resource for this file, the agent_catalog_run_lockfile has a setting type of string for this reason (https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L1669) I'd like to apply the same setting type to agent_disabled_lockfile

Actual Behavior:

Examples:
puppet agent --test --trace --debug --logdest /root/puppet-debug.log

Lockfile being created (grep agent_disabled puppet-debug.log):

Note: File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/ensure (debug): created

2021-03-31 10:49:33 +0000 Puppet (debug): Using settings: adding file resource 'agent_disabled_lockfile': 'File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]{:path=>"/opt/puppetlabs/puppet/cache/state/agent_disabled.lock", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/seluser (debug): Found seluser default 'system_u' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/selrole (debug): Found selrole default 'object_r' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/seltype (debug): Found seltype default 'usr_t' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/selrange (debug): Found selrange default 's0' for /opt/puppetlabs/puppet/cache/state/agent_disabled.lock

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock] (debug): Adding autorequire relationship with File[/opt/puppetlabs/puppet/cache/state]

2021-03-31 10:49:34 +0000 /File[/opt/puppetlabs/puppet/cache/state/agent_disabled.lock]/ensure (debug): created

Strace from guilty puppet agent --test

428070 10:49:34.313537 open("/opt/puppetlabs/puppet/cache/state/agent_disabled.lock", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 18</opt/puppetlabs/puppet/cache/state/agent_disabled.lock> <0.000076>

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: George Campbell

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/03/31 4:27 AM

Updated:: 2021/04/23 11:09 AM

Resolved:: 2021/04/02 3:27 PM