Comments
martinpitt
@cInetbox: Whoops, thanks for the report! This was not intended indeed, so let's not push this to stable. I'll send a PR to drop the dependency on Fedora again.
This update has been unpushed.
@clnetbox: I suppose this got mis-directed here, and you meant that for the cockpit update in FEDORA-2019-33e925fa59
I ran this against the cockpit integration tests, which covers a lot of APIs. Each test checks for new violations, too. I also confirmed that this now works with cockpit-tls. Thanks!
I ran this against the cockpit integration tests, which covers a lot of APIs. Each test checks for new violations, too. I also confirmed that this now works with cockpit-tls. Thanks!
Package installs and works fine.
With this version, we now see regressions with mdadm and pcp:
audit: type=1400 audit(1560408406.661:341): avc: denied { read } for pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.661:341): avc: denied { read } for pid=7637 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.pag" dev="dm-0" ino=27031699 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
audit: type=1400 audit(1560408406.702:342): avc: denied { read } for pid=7639 comm="mdadm" path="/var/lib/pcp/pmdas/linux/help.dir" dev="dm-0" ino=27031698 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:pcp_var_lib_t:s0 tclass=file permissive=0
Aside from this SELinux policy update, the only other package from updates-testing which sounds relevant is
audit x86_64 3.0-0.9.20190507gitf58ec40.fc30
updates-testing 229 k
audit-libs x86_64 3.0-0.9.20190507gitf58ec40.fc30
updates-testing 106 k
mdadm and pcp didn't get an update recently, and with selinux-policy from current stable (3.14.3-37.fc30) we don't see these.
So -1 due to this regression.
Install&upgrade and all pages work as expected.
I've run my laptop with this for two days, including several reboots. No noticeable regressions. The cockpit tests also work fine against this version, and they cover quite a lot (in particular the happy eyeballs bits).
Tested with cockpit-podman, together with podman 1.4, works fine.
Tested with cockpit-podman, together with containernetworking-plugins, works fine.
Confirmed to work in https://bugzilla.redhat.com/show_bug.cgi?id=1710604#c20
Install/upgrade and all pages work as expected.
Install, upgrade, and all pages work.
Works fine here as well.
Install/upgrade and all cockpit pages work as expected.
Works great, thank you!
Upgrade starts up fine now. I also tested it with kubernetes and cockpit-kubernetes' tests. Thanks!
This still fails, but differently now. On a current and clean F-29, with etcd-3.2.16-6.fc29.x86_64:
# systemctl status -l etcd
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2019-04-16 02:18:20 EDT; 35s ago
Main PID: 7797 (etcd)
Tasks: 9 (limit: 1147)
Memory: 35.6M
CPU: 226ms
CGroup: /system.slice/etcd.service
└─7797 /usr/bin/etcd --name=default --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://localhost:2379
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: 8e9e05c52164694d received MsgVoteResp from 8e9e05c52164694d at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: 8e9e05c52164694d became leader at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: raft.node: 8e9e05c52164694d elected leader 8e9e05c52164694d at term 2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: setting up the initial cluster version to 3.2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: published {Name:default ClientURLs:[http://localhost:2379]} to cluster cdf818194e3a8c32
Apr 16 02:18:20 m1.cockpit.lan systemd[1]: Started Etcd Server.
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: ready to serve client requests
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: serving insecure client requests on 127.0.0.1:2379, this is strongly discouraged!
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: set the initial cluster version to 3.2
Apr 16 02:18:20 m1.cockpit.lan etcd[7797]: enabled capabilities for version 3.2
Somehow dnf upgrade --enablerepo=updates-testing etcd and dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-049b108f40 say "nothing to do", so it seems this isn't yet published. However, I downloaded the build manually with koji download-build, and it fails again:
# systemctl status -l etcd
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2019-04-16 02:25:42 EDT; 2min 33s ago
Process: 23291 ExecStart=/bin/bash -c GOMAXPROCS=$(nproc) /usr/bin/etcd --name="${ETCD_NAME}" --data-dir="${ETCD_DATA_DIR}" --listen-client-urls="${ETCD_LISTEN_>
Main PID: 23291 (code=exited, status=1/FAILURE)
CPU: 16ms
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: Starting Etcd Server...
Apr 16 02:25:42 m1.cockpit.lan etcd[23291]: recognized and used environment variable ETCD_ADVERTISE_CLIENT_URLS=http://localhost:2379
Apr 16 02:25:42 m1.cockpit.lan etcd[23291]: conflicting environment variable "ETCD_LISTEN_CLIENT_URLS" is shadowed by corresponding command-line flag (either unset environment variable or disable flag)
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: etcd.service: Main process exited, code=exited, status=1/FAILURE
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: etcd.service: Failed with result 'exit-code'.
Apr 16 02:25:42 m1.cockpit.lan systemd[1]: Failed to start Etcd Server.
Fixed in https://github.com/cockpit-project/cockpit/pull/12236