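【Title】The cloud-init-hotplugd.socket service fails to start; it only starts successfully after SELinux is disabled
【Environment】
Software information:
1) OS version and branch: openEuler 22.03 (LTS-SP1)
2) Kernel information: 5.10.0-126.0.0.66.oe2203sp1.x86_64
3) Version of the component where the problem was found: cloud-init-21.4-4.oe2203sp1.noarch
【Steps to reproduce】
Detailed steps
dnf install -y cloud-init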
systemctl start cloud-init-hotplugd.socket
systemctl status cloud-init-hotplugd.socket
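Probability of occurrence (always reproducible or intermittent): always reproducible
【Expected result】
The service starts successfully
【Actual result】
The service fails to start, as shown in the figure below
After SELinux is disabled the service starts normally, but whether SELinux is on or off should not affect starting and stopping the service; please fix this
【Attachments】
For example system message logs / component logs, dump information, pictures, etc.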
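A service introduced starting with cloud-init 21.3 (released in November 2021). It is paired with cloud-init-hotplugd.socket to implement the hotplug feature. The service is not started by default; when the service needs to be started, disable SELinux first.
Known upstream issue:
https://bugs.launchpad.net/cloud-init/+bug/1936229
We discussed a near-term fix plan with upstream; upstream still has no plan to fix this issue in the near term.
For the related permission problem: with SELinux enabled, start cloud-init-hotplugd.socket, which will fail, and then check audit.log
Hotplug usage introduction 1:
https://cloudinit.readthedocs.io/en/latest/topics/modules.html#install-hotplug
Hotplug usage introduction 2:
Here the NIC eth1 is added to the instance my-lxd.
https://cloudinit.readthedocs.io/en/latest/topics/datasources/lxd.html#hotplug
We need to check whether other vendors such as Red Hat and SUSE use cloud-init-hotplugd. If they do, how did they solve the problem above? We need to follow their approach to solve it. If they do not, we will not fix it either, and the issue stays on hold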
[root@localhost ~]# cat /etc/os-release
NAME="Fedora Linux"
VERSION="37 (Server Edition)"
ID=fedora
VERSION_ID=37
VERSION_CODENAME=""
PLATFORM_ID="platform:f37"
PRETTY_NAME="Fedora Linux 37 (Server Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:37"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f37/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=37
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=37
VARIANT="Server Edition"
VARIANT_ID=server
[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# systemctl status cloud-init-hotplugd.socket
× cloud-init-hotplugd.socket - cloud-init hotplug hook socket
Loaded: loaded (/usr/lib/systemd/system/cloud-init-hotplugd.socket; disabled; preset: disabled)
Active: failed (Result: resources)
Triggers: ● cloud-init-hotplugd.service
Listen: /run/cloud-init/hook-hotplug-cmd (FIFO)
Dec 13 02:46:57 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed to open FIFO /run/cloud-init/hook-hotplug-cmd: Permission denied
Dec 13 02:46:57 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed to listen on sockets: Permission denied
Dec 13 02:46:57 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed with result 'resources'.
Dec 13 02:46:57 localhost.localdomain systemd[1]: Failed to listen on cloud-init-hotplugd.socket - cloud-init hotplug hook socket.
Dec 13 02:47:12 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed to open FIFO /run/cloud-init/hook-hotplug-cmd: Permission denied
Dec 13 02:47:12 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed to listen on sockets: Permission denied
Dec 13 02:47:12 localhost.localdomain systemd[1]: cloud-init-hotplugd.socket: Failed with result 'resources'.
Dec 13 02:47:12 localhost.localdomain systemd[1]: Failed to listen on cloud-init-hotplugd.socket - cloud-init hotplug hook socket.
[root@localhost ~]#
2. Verified on a CentOS 9 environment as well; the same problem exists
https://build.opensuse.org/package/view_file/Cloud:Tools/cloud-init/cloud-init.spec?expand=1
Excerpt from the SUSE cloud-init spec file:
%{systemd_prefix}/systemd/system/cloud-final.service
%dir %{_sysconfdir}/rsyslog.d
%{_sysconfdir}/rsyslog.d/21-cloudinit.conf
/usr/lib/udev/rules.d/66-azure-ephemeral.rules
**# We use cloud-netconfig to handle new interfaces added to the instance**
%exclude %{systemd_prefix}/systemd/system/cloud-init-hotplugd.service
%exclude %{systemd_prefix}/systemd/system/cloud-init-hotplugd.socket
%dir %attr(0755, root, root) %{_localstatedir}/lib/cloud
%dir %{docdir}
%dir /etc/NetworkManager
%dir /etc/NetworkManager/dispatcher.d
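This shows that SUSE manages the hotplug module (networking) with an in-house solution of its own; SUSE has not made that in-house management solution public
On 22.03 LTS SP1 the selinux-policy version is 35.5-15
The problem still exists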
@zhangpanting Fix PR: https://gitee.com/src-openeuler/selinux-policy/pulls/223/files ; the fixed version is 35.5-18, which has not been released yet
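Added example, not part of the original issue and not cloud-init or openEuler code: a small Python triage script for the audit.log check suggested earlier in this thread, which groups the AVC denials that mention the hotplug FIFO by source type, target type and object class. The sample records are constructed, and `placeholder_run_t` / `placeholder_log_t` are made-up type labels, not the labels a real system reports.

```python
import re
from collections import defaultdict

# Constructed sample records, not copied from the issue. "placeholder_run_t"
# and "placeholder_log_t" are made-up types; read the real ones from your log.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1670899617.101:411): avc:  denied  { create } for  pid=1 comm="systemd" name="hook-hotplug-cmd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:placeholder_run_t:s0 tclass=fifo_file permissive=0
type=SERVICE_START msg=audit(1670899617.150:412): pid=1 uid=0 msg='unit=cloud-init-hotplugd comm="systemd" res=failed'
type=AVC msg=audit(1670899632.204:419): avc:  denied  { open } for  pid=1 comm="systemd" path="/run/cloud-init/hook-hotplug-cmd" dev="tmpfs" ino=1502 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:placeholder_run_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1670899640.000:425): avc:  denied  { read } for  pid=912 comm="rsyslogd" name="example.log" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:placeholder_log_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def hotplug_denials(log_text, needle="hook-hotplug-cmd"):
    """Return {(source_type, target_type, class): [denied perms]} for AVC
    records whose path= or name= field contains `needle`."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip non-AVC audit records
        m = AVC_RE.search(line)
        if not m:
            continue  # AVC record that is not a denial (e.g. granted)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        obj = fields.get("path") or fields.get("name", "")
        if needle not in obj:
            continue
        # An SELinux context is user:role:type:level; the type is field 3.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        summary[(src, tgt, fields["tclass"])].update(m.group("perms").split())
    return {key: sorted(perms) for key, perms in summary.items()}


if __name__ == "__main__":
    for (src, tgt, cls), perms in hotplug_denials(SAMPLE_AUDIT_LOG).items():
        print(f"{src} -> {tgt}:{cls} denied {{ {' '.join(perms)} }}")
```

To run it against a real system, pass the contents of `/var/log/audit/audit.log` (read as root) to `hotplug_denials()` right after the failed `systemctl start`.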