Bug #14551

Updated by François ARMAND over 5 years ago

This happened on Rudder 5.0, but it looks like it's not specific to that version of Rudder.
Maybe linked to #14391 (found in the same use case).

 <pre> 
 [root@server vagrant]# curl -X POST 'http://localhost/rudder/relay-api/remote-run/nodes' -d "asynchronous=false" -d "keep_output=true" -d "nodes=a81c4150-974f-4155-a9b9-3cd2c38dbf96" 
 a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: unable to open audit system: Permission denied 
 a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: pam_open_session: System error 
 a81c4150-974f-4155-a9b9-3cd2c38dbf96:sudo: policy plugin failed session initialization 
 </pre> 

It's SELinux-related, because with "setenforce 0", the remote run is correctly started, so perhaps linked to the Rudder version after all.

 journalctl logs are:  

 <pre> 
 server sudo[11520]:     rudder : TTY=unknown ; PWD=/var/rudder ; USER=root ; COMMAND=/opt/rudder/bin/rudder remote run agent1.rudder.local 
 server sudo[11520]: PAM audit_open() failed: Permission denied 
 server sudo[11520]: PAM audit_open() failed: Permission denied 
 server sudo[11520]:     rudder : pam_open_session: System error ; TTY=unknown ; PWD=/var/rudder ; USER=root ; COMMAND=/opt/rudder/bin/rudder remote run agent1.rudder.local 
 server sudo[11520]: PAM audit_open() failed: Permission denied 
 </pre>
