4 Replies Latest reply: Jan 13, 2012 10:33 AM by Vinnie Lima RSS

    Problem in BL Linux Patch Remediation

    Vinnie Lima

      Heya,

       

      Have a RH Linux Patch Catalog with only Critical-level Erratas as filter.  Analysis finds various patches due for updates, and creates the remediation artifacts fine.  But when the Remediation job kicks in , it fails complaining about the following:

       

      01/12/12 17:52:51.462 INFO     bldeploy - [2][New RPM Group] Executing command:

       

      "sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm"

      mounting requirements

      01/12/12 17:52:51.462 INFO     bldeploy - [2][New RPM Group] Executing command:

      "sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm"

       

      01/12/12 17:52:51.462 DEBUG    bldeploy - [2][New RPM Group] chdir to PkgDir: '/

      opt/bmc/stage/536b7c78055139fdaf496dfed58afbff/'

       

      01/12/12 17:52:51.509 INFO     bldeploy - [2][New RPM Group] [stdout: 2]

      Using Includes List =

       

      Using Excludes List = INFO     bldeploy - [2][New RPM Group] [stdout: 2]

       

      Using Deploy Type: updateO     bldeploy - [2][New RPM Group] [stdout: 2]

       

      Running yum from /opt/bmc/stage/536b7c78055139fdaf496dfed58afbff...t: 2]

       

      01/12/12 17:52:54.933 WARN     bldeploy - [2][New RPM Group] [stderr: 2]

      Error unpacking rpm package samba-common-3.0.33-3.29.el5_7.4.x86_64

       

       

      I ran out of ideas on what it could be. The RPM is in the patch depot, and running the command manually on the remote host receives same error:

       

      flex-rh-1% nexec -e sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x

      86_64.rpm

      Using Includes List =

      Using Excludes List =

      Using Deploy Type: update

      Running yum from /opt/bmc/stage/536b7c78055139fdaf496dfed58afbff...

      Error unpacking rpm package samba-common-3.0.33-3.29.el5_7.4.x86_64

      yum deploy failed.

       

       

      If I try to rpm -i the samba package manually, there is a slew of errors which seem to indicate the reason why it's failing but I cant explain why:

       

      flex-rh-1% nexec -e rpm -i samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

              file /lib64/libnss_winbind.so.2 from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5.x86

      _64

              file /lib64/libnss_wins.so.2 from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5.x86_64

       

       

              file /lib64/security/pam_smbpass.so from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5

      .x86_64

              file /lib64/security/pam_winbind.so from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5

      .x86_64

       

      <...more of the same conflict errors...>

       

      So then I tried rpm install with the "--replacefiles"  to overwrite, then ran into a new set of issues:

       

      flex-rh-1% nexec -e rpm -i --replacefiles samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

      error: unpacking of archive failed on file /etc/samba/smb.conf: cpio: rename fai

      led - Operation not permitted

       

      any suggestions?  This is BL 8.1 SP2, target machine is:

       

      Linux flex-rh-1 2.6.18-274.3.1.el5 #1 SMP Fri Aug 26 18:49:02 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

       

      Vinnie

        • 1. Problem in BL Linux Patch Remediation
          Bill Robinson

          rpm -i is going to conflict because that doesn't handle upgrading an existing copy.  you should use -U instead.

           

          but also try running:

           

          rpm -qip --verfiy <rpm file> and see if the package is ok

           

          also make sure you are mapped to root.

          • 2. Problem in BL Linux Patch Remediation
            Vinnie Lima

            Result of the command above:

             

            flex-rh-1% nexec -e rpm -qip --verify samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

            Unsatisfied dependencies for samba-common-3.0.33-3.29.el5_7.4.x86_64: config(samba-common) = 0:3.0.33-3.29.el5_7.4

            .......T  c /etc/samba/smb.conf

            .......T  c /etc/security/pam_winbind.conf

            S.5....T    /lib64/libnss_winbind.so.2

            S.5....T    /lib64/libnss_wins.so.2

            S.5....T    /lib64/security/pam_smbpass.so

            ..5....T    /lib64/security/pam_winbind.so

            S.5....T    /usr/bin/net

            S.5....T    /usr/bin/ntlm_auth

            ..5....T    /usr/bin/pdbedit

            ..5....T    /usr/bin/profiles

            S.5....T    /usr/bin/smbcquotas

            ..5....T    /usr/bin/smbpasswd

            S.5....T    /usr/bin/testparm

            S.5....T    /usr/bin/wbinfo

            ..5....T    /usr/lib64/samba/auth/script.so

            ..5....T    /usr/lib64/samba/charset/CP437.so

            ..5....T    /usr/lib64/samba/charset/CP850.so

            ..5....T    /usr/lib64/samba/idmap/ad.so

            ..5....T    /usr/lib64/samba/idmap/rid.so

            .......T    /usr/lib64/samba/lowcase.dat

            .......T    /usr/lib64/samba/upcase.dat

            .......T    /usr/lib64/samba/valid.dat

            S.5....T    /usr/sbin/winbindd

            .......T  d /usr/share/man/man1/ntlm_auth.1.gz

            .......T  d /usr/share/man/man1/profiles.1.gz

            .......T  d /usr/share/man/man1/smbcquotas.1.gz

            .......T  d /usr/share/man/man1/testparm.1.gz

            .......T  d /usr/share/man/man1/vfstest.1.gz

            .......T  d /usr/share/man/man1/wbinfo.1.gz

            .......T  d /usr/share/man/man5/lmhosts.5.gz

            .......T  d /usr/share/man/man5/smb.conf.5.gz

            .......T  d /usr/share/man/man7/pam_winbind.7.gz

            .......T  d /usr/share/man/man8/eventlogadm.8.gz

            .......T  d /usr/share/man/man8/idmap_ad.8.gz

            .......T  d /usr/share/man/man8/idmap_ldap.8.gz

            .......T  d /usr/share/man/man8/idmap_nss.8.gz

            .......T  d /usr/share/man/man8/idmap_rid.8.gz

            .......T  d /usr/share/man/man8/idmap_tdb.8.gz

            .......T  d /usr/share/man/man8/net.8.gz

            .......T  d /usr/share/man/man8/smbpasswd.8.gz

            .......T  d /usr/share/man/man8/winbindd.8.gz

             

             

            So I thought the Patch analysis is supposed to resolve any dependencies as part of the patch analysis phase?

             

            The rpm package seems to be ok though.

            • 3. Re: Problem in BL Linux Patch Remediation
              Rohit Nayyar

              You might be hitting the immutable file attribute issue on the file /etc/samba/smb.conf

              see this

              https://bugzilla.redhat.com/show_bug.cgi?id=573320

              The simplest solution is to use the chattr command with -i option to remove immutable attribute,

              Good idea to  FInd out first why was this set in the first place, by some admin or by Samba itself.

               

              thanks,

              Rohit

              • 4. Problem in BL Linux Patch Remediation
                Vinnie Lima

                So it is set to immutable:

                 

                flex-rh-1% nexec -e lsattr /etc/samba/smb.conf

                ----i-------- /etc/samba/smb.conf

                 

                 

                I have changed it per the article, and re-ran the remediation job and it worked!

                 

                Thanks Rohit.