SUSE Support

Here When You Need Us

/etc/resolv.conf file permission changed while applying highstate on the client

This document (000021122) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Manager Server 4.2

Situation

When custom channel and configuration files are applied to a client, the /etc/resolv.conf file permissions change on the client during highstate when applied by the SUSE Manager Server.  DNS query fails on the client, and nscd logs the following during SUMA patching or deployment:
 

Jan 20 11:55:48 vadcslest01 nscd[71793]: 71793 monitored file `/etc/resolv.conf` was moved into place, adding watch
Jan 20 11:55:48 vadcslest01 nscd[71793]: 71793 failed to add file watch `/etc/resolv.conf`: Permission denied
Jan 20 11:55:51 vadcslest01 nscd[71793]: 71793 monitored file `/etc/resolv.conf` was moved into place, adding watch
Jan 20 11:55:51 vadcslest01 nscd[71793]: 71793 failed to add file watch `/etc/resolv.conf`: Permission denied
Example of the problem configuration file:
manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf:
    file.managed:
    -   name: /etc/nscd.conf
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/nscd.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 640
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf:
    file.managed:
    -   name: /etc/resolv.conf
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/resolv.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 644

Resolution

Use the workaround below until the fix is released.  Change the configuration file as follows:
manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf.tmp:
    file.managed:
    -   name: /etc/nscd.conf.tmp
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/nscd.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 640
manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf:
    file.rename:
    -   source: /etc/nscd.conf.tmp
    -   name: /etc/nscd.conf
    -   force: True
    -   makedirs: true
    - require:
        - file: manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf.tmp
    
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf.tmp:
    file.managed:
    -   name: /etc/resolv.conf.tmp
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/resolv.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 644
    
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf:
    file.rename:
    -   source: /etc/resolv.conf.tmp
    -   name: /etc/resolv.conf
    -   force: True
    -   makedirs: true
    - require:
        - file: manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf.tmp

The change in file name doesn't throw the error when highstate is applied.

Cause

There was a change in the salt code which causes the issue, which has been reported to the Engineering.

Status

Reported to Engineering

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021122
  • Creation Date: 28-Jun-2023
  • Modified Date:28-Jun-2023
    • SUSE Manager Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.