Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

InSpec tests fail on new fedora-31 pre-salted image #64

Closed
myii opened this issue Oct 25, 2019 · 7 comments · Fixed by myii/ssf-formula#116 or #69
Closed

InSpec tests fail on new fedora-31 pre-salted image #64

myii opened this issue Oct 25, 2019 · 7 comments · Fixed by myii/ssf-formula#116 or #69
Assignees
@baby-gnu
Labels
released

Comments

@myii
Copy link
Member

myii commented Oct 25, 2019

@baby-gnu A quick note for you, while I've been testing the new pre-salted images across all of our formulas:

You can use the links at the top of that page (i.e. the commit) to get details about the new fedora-31 image, should you desire to get to the bottom of this. Let me know how you'd like to proceed.
@baby-gnu
Copy link
Contributor

Thanks, I'll try locally and fix it.

Regards.

@baby-gnu
Copy link
Contributor

Ok, this is due to systemd socket activation, the settings in /etc/libvirt/libvirtd.conf is ignored:

#################################################################
#
# UNIX socket access controls
#

# Set the UNIX domain socket group ownership. This can be used to
# allow a 'trusted' set of users access to management capabilities
# without becoming root.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# This is restricted to 'root' by default.
#unix_sock_group = "libvirt"

# Set the UNIX socket permissions for the R/O socket. This is used
# for monitoring VM status only
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows any user. If setting group ownership, you may want to
# restrict this too.
#unix_sock_ro_perms = "0777"

# Set the UNIX socket permissions for the R/W socket. This is used
# for full management of VMs
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows only root. If PolicyKit is enabled on the socket,
# the default will change to allow everyone (eg, 0777)
#
# If not using PolicyKit and setting group ownership for access
# control, then you may want to relax this too.
#unix_sock_rw_perms = "0770"

# Set the UNIX socket permissions for the admin interface socket.
#
# This setting is not required or honoured if using systemd socket
# activation.
#
# Default allows only owner (root), do not change it unless you are
# sure to whom you are exposing the access to.
#unix_sock_admin_perms = "0700"

# Set the name of the directory in which sockets will be found/created.
#
# This setting is not required or honoured if using systemd socket
# activation with systemd version >= 227
#
#unix_sock_dir = "/var/run/libvirt"

It will take a little more effort than I thought.

@myii
Copy link
Member Author

myii commented Oct 30, 2019
edited
Loading

Here is the upgraded matrix (only one failure):

Here are all of the rest of the instances (12 to choose from):

@myii
Copy link
Member Author

myii commented Oct 30, 2019

@baby-gnu OK, I've switched fedora and opensuse (between 2019.2 and 2018.3) and pushed the updated matrix to the formula. This will workaround the issue for the time being. This issue can remain open as a reminder that fedora-31 will require some work.

@baby-gnu
Copy link
Contributor

Thanks @myii.

From time to time I run a kitchen verify locally to see how the non travis-tested environment are working.

@baby-gnu
Copy link
Contributor

For fedora-31, I think the solution will be provided by the Running the formula without specific pillar should provide the OS default configuration from #33.

@baby-gnu baby-gnu mentioned this issue Jan 6, 2020
Merged
19 tasks
@baby-gnu baby-gnu self-assigned this Jan 6, 2020
myii added a commit to myii/ssf-formula that referenced this issue Jan 7, 2020
@myii
feat(libvirt): update Travis matrix after recent platform fixes
631074d 
* Close saltstack-formulas/libvirt-formula#64
* Based on:
  - saltstack-formulas/libvirt-formula#66
  - saltstack-formulas/libvirt-formula#67
  - saltstack-formulas/libvirt-formula#68
@myii myii mentioned this issue Jan 7, 2020
Merged
myii added a commit to myii/libvirt-formula that referenced this issue Jan 7, 2020
@myii
ci(travis): update matrix after recent platform fixes
a6dd1d3 
* Automated using myii/ssf-formula#116
* Close saltstack-formulas#64
* Based on:
  - saltstack-formulas#66
  - saltstack-formulas#67
  - saltstack-formulas#68
@myii myii mentioned this issue Jan 7, 2020
Merged
19 tasks
saltstack-formulas-travis pushed a commit that referenced this issue Mar 24, 2020
@semantic-release-bot
chore(release): 3.7.0 [skip ci]
94cf084 
# [3.7.0](v3.6.0...v3.7.0) (2020-03-24)

### Bug Fixes

* **libtofs:** “files_switch” mess up the variable exported by “map.jinja” [skip ci] ([fd277ec](fd277ec))

### Continuous Integration

* workaround issues with newly introduced `amazonlinux-1` [skip ci] ([9299b03](9299b03))
* **kitchen:** avoid using bootstrap for `master` instances [skip ci] ([58709f6](58709f6))
* **travis:** update matrix after recent platform fixes ([a6dd1d3](a6dd1d3)), closes [#64](#64) [#66](#66) [#67](#67) [#68](#68)

### Features

* **map.jinja:** `defaults.yaml` must be under `parameters/` ([3ca19bc](3ca19bc))
* **map.jinja:** load a configurable list of YAML files ([ce1782c](ce1782c))
* **map.jinja:** split `osfamilymap.yaml` under `parameters/os_family/` ([e82d184](e82d184))
* **map.jinja:** split `osfingermap.yaml` under `parameters/osfinger/` ([365f711](365f711))
* **map.jinja:** split `osmap.yaml` under `parameters/os/` ([4255397](4255397))
@saltstack-formulas-travis
Copy link

🎉 This issue has been resolved in version 3.7.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@baby-gnu baby-gnu

Labels
released
Projects
None yet
Milestone
No milestone
3 participants
@baby-gnu @myii @saltstack-formulas-travis