4 Replies Latest reply: Jan 13, 2012 10:33 AM by Vinnie Lima RSS

Problem in BL Linux Patch Remediation

Vinnie Lima

Heya,

 

Have a RH Linux Patch Catalog with only Critical-level Erratas as filter.  Analysis finds various patches due for updates, and creates the remediation artifacts fine.  But when the Remediation job kicks in , it fails complaining about the following:

 

01/12/12 17:52:51.462 INFO     bldeploy - [2][New RPM Group] Executing command:

 

"sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm"

mounting requirements

01/12/12 17:52:51.462 INFO     bldeploy - [2][New RPM Group] Executing command:

"sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm"

 

01/12/12 17:52:51.462 DEBUG    bldeploy - [2][New RPM Group] chdir to PkgDir: '/

opt/bmc/stage/536b7c78055139fdaf496dfed58afbff/'

 

01/12/12 17:52:51.509 INFO     bldeploy - [2][New RPM Group] [stdout: 2]

Using Includes List =

 

Using Excludes List = INFO     bldeploy - [2][New RPM Group] [stdout: 2]

 

Using Deploy Type: updateO     bldeploy - [2][New RPM Group] [stdout: 2]

 

Running yum from /opt/bmc/stage/536b7c78055139fdaf496dfed58afbff...t: 2]

 

01/12/12 17:52:54.933 WARN     bldeploy - [2][New RPM Group] [stderr: 2]

Error unpacking rpm package samba-common-3.0.33-3.29.el5_7.4.x86_64

 

 

I ran out of ideas on what it could be. The RPM is in the patch depot, and running the command manually on the remote host receives same error:

 

flex-rh-1% nexec -e sh linux-deploy.sh 8393.1/samba-common-3.0.33-3.29.el5_7.4.x

86_64.rpm

Using Includes List =

Using Excludes List =

Using Deploy Type: update

Running yum from /opt/bmc/stage/536b7c78055139fdaf496dfed58afbff...

Error unpacking rpm package samba-common-3.0.33-3.29.el5_7.4.x86_64

yum deploy failed.

 

 

If I try to rpm -i the samba package manually, there is a slew of errors which seem to indicate the reason why it's failing but I cant explain why:

 

flex-rh-1% nexec -e rpm -i samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

        file /lib64/libnss_winbind.so.2 from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5.x86

_64

        file /lib64/libnss_wins.so.2 from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5.x86_64

 

 

        file /lib64/security/pam_smbpass.so from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5

.x86_64

        file /lib64/security/pam_winbind.so from install of samba-common-3.0.33-3.29.el5_7.4.x86_64 conflicts with file from package samba-common-3.0.33-3.7.el5

.x86_64

 

<...more of the same conflict errors...>

 

So then I tried rpm install with the "--replacefiles"  to overwrite, then ran into a new set of issues:

 

flex-rh-1% nexec -e rpm -i --replacefiles samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

error: unpacking of archive failed on file /etc/samba/smb.conf: cpio: rename fai

led - Operation not permitted

 

any suggestions?  This is BL 8.1 SP2, target machine is:

 

Linux flex-rh-1 2.6.18-274.3.1.el5 #1 SMP Fri Aug 26 18:49:02 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

 

Vinnie

  • 1. Problem in BL Linux Patch Remediation
    Bill Robinson

    rpm -i is going to conflict because that doesn't handle upgrading an existing copy.  you should use -U instead.

     

    but also try running:

     

    rpm -qip --verfiy <rpm file> and see if the package is ok

     

    also make sure you are mapped to root.

  • 2. Problem in BL Linux Patch Remediation
    Vinnie Lima

    Result of the command above:

     

    flex-rh-1% nexec -e rpm -qip --verify samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm

    Unsatisfied dependencies for samba-common-3.0.33-3.29.el5_7.4.x86_64: config(samba-common) = 0:3.0.33-3.29.el5_7.4

    .......T  c /etc/samba/smb.conf

    .......T  c /etc/security/pam_winbind.conf

    S.5....T    /lib64/libnss_winbind.so.2

    S.5....T    /lib64/libnss_wins.so.2

    S.5....T    /lib64/security/pam_smbpass.so

    ..5....T    /lib64/security/pam_winbind.so

    S.5....T    /usr/bin/net

    S.5....T    /usr/bin/ntlm_auth

    ..5....T    /usr/bin/pdbedit

    ..5....T    /usr/bin/profiles

    S.5....T    /usr/bin/smbcquotas

    ..5....T    /usr/bin/smbpasswd

    S.5....T    /usr/bin/testparm

    S.5....T    /usr/bin/wbinfo

    ..5....T    /usr/lib64/samba/auth/script.so

    ..5....T    /usr/lib64/samba/charset/CP437.so

    ..5....T    /usr/lib64/samba/charset/CP850.so

    ..5....T    /usr/lib64/samba/idmap/ad.so

    ..5....T    /usr/lib64/samba/idmap/rid.so

    .......T    /usr/lib64/samba/lowcase.dat

    .......T    /usr/lib64/samba/upcase.dat

    .......T    /usr/lib64/samba/valid.dat

    S.5....T    /usr/sbin/winbindd

    .......T  d /usr/share/man/man1/ntlm_auth.1.gz

    .......T  d /usr/share/man/man1/profiles.1.gz

    .......T  d /usr/share/man/man1/smbcquotas.1.gz

    .......T  d /usr/share/man/man1/testparm.1.gz

    .......T  d /usr/share/man/man1/vfstest.1.gz

    .......T  d /usr/share/man/man1/wbinfo.1.gz

    .......T  d /usr/share/man/man5/lmhosts.5.gz

    .......T  d /usr/share/man/man5/smb.conf.5.gz

    .......T  d /usr/share/man/man7/pam_winbind.7.gz

    .......T  d /usr/share/man/man8/eventlogadm.8.gz

    .......T  d /usr/share/man/man8/idmap_ad.8.gz

    .......T  d /usr/share/man/man8/idmap_ldap.8.gz

    .......T  d /usr/share/man/man8/idmap_nss.8.gz

    .......T  d /usr/share/man/man8/idmap_rid.8.gz

    .......T  d /usr/share/man/man8/idmap_tdb.8.gz

    .......T  d /usr/share/man/man8/net.8.gz

    .......T  d /usr/share/man/man8/smbpasswd.8.gz

    .......T  d /usr/share/man/man8/winbindd.8.gz

     

     

    So I thought the Patch analysis is supposed to resolve any dependencies as part of the patch analysis phase?

     

    The rpm package seems to be ok though.

  • 3. Re: Problem in BL Linux Patch Remediation
    Rohit Nayyar

    You might be hitting the immutable file attribute issue on the file /etc/samba/smb.conf

    see this

    https://bugzilla.redhat.com/show_bug.cgi?id=573320

    The simplest solution is to use the chattr command with -i option to remove immutable attribute,

    Good idea to  FInd out first why was this set in the first place, by some admin or by Samba itself.

     

    thanks,

    Rohit

  • 4. Problem in BL Linux Patch Remediation
    Vinnie Lima

    So it is set to immutable:

     

    flex-rh-1% nexec -e lsattr /etc/samba/smb.conf

    ----i-------- /etc/samba/smb.conf

     

     

    I have changed it per the article, and re-ran the remediation job and it worked!

     

    Thanks Rohit.