Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue locally running an inspec check on a service resource #1176

Closed
danrohr opened this issue Sep 27, 2016 · 7 comments
Closed

Issue locally running an inspec check on a service resource #1176

danrohr opened this issue Sep 27, 2016 · 7 comments

Comments

@danrohr
Copy link

danrohr commented Sep 27, 2016

Description

Locally running inspec of a profile to check to ensure that a service is installed/enabled/running fails. However when running the same profile from the Chef compliance server against the same system it runs successfuly.

InSpec and Platform Version

Using Inspec 1.0.0 and running on RHEL 7.2

Replication Case

On the system that fails the local runs. I have validated everything is updated. Using the inspec shell and using the following service('ntpd').params gives an empty {}.

On an identical system where inspec was just installed the same tests work perfectly and the service('ntpd').params gives a full listing of service parameters.

Compliance Recipe
control "NTP-1.3" do
impact 1.0
title "NTP"
desc "Testing the NTPD service enabled/running."
describe service 'ntpd' do
it { should be_enabled }
it { should be_running }
it { should be_installed }
end
end
@stevendanna
Copy link
Contributor

Thanks for filing this, I think we chatted a bit in Slack yesterday but I had to leave before we came to a root cause.

@stevendanna
Copy link
Contributor

Could you attach the output of:

systemctl show --all ntpd

run as the same user that inspec is running as?

@danrohr
Copy link
Author

danrohr commented Sep 27, 2016

[dan.rohr@testing ~]$ systemctl show --all ntpd
Failed to get properties: Operation not permitted

On the other system the command runs just fine with a ton of output

@danrohr
Copy link
Author

danrohr commented Sep 27, 2016

Also to note both systems were built from the same Satellite 6.1.9 server. Both joined to IdM as the authentication source and I can see all pertinent account information by doing an id dan.rohr. SeLinux is in enforcing mode on both systems.

@stevendanna
Copy link
Contributor 

[dan.rohr@testing ~]$ systemctl show --all ntpd
Failed to get properties: Operation not permitted

I think that this is the key difference between the two machines in terms of inspec's behavior. If that command fails it doesn't populate the service's data and returns false for running?, enabled?, and installed?.

@danrohr
Copy link
Author

danrohr commented Sep 27, 2016

Still not sure why I can run it on one system and not the as nothing was changed between the two. I'll have to dig into that a little and see what I can find, if anything.

@danrohr
Copy link
Author

danrohr commented Sep 27, 2016

No clue what happened to the system. I know I rebooted it yesterday but did a reboot again today and now everything is working fine. It showed an up time of less than 24 hours. Anyways it is all working as expected.

@danrohr danrohr closed this as completed Sep 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stevendanna @danrohr