/etc/resolv.conf file permission changed while applying highstate on the client

This document (000021122) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Manager Server 4.2

Situation

When custom channel and configuration files are applied to a client, the /etc/resolv.conf file permissions change on the client during highstate when applied by the SUSE Manager Server. DNS query fails on the client, and nscd logs the following during SUMA patching or deployment:

Jan 20 11:55:48 vadcslest01 nscd[71793]: 71793 monitored file `/etc/resolv.conf` was moved into place, adding watch
Jan 20 11:55:48 vadcslest01 nscd[71793]: 71793 failed to add file watch `/etc/resolv.conf`: Permission denied
Jan 20 11:55:51 vadcslest01 nscd[71793]: 71793 monitored file `/etc/resolv.conf` was moved into place, adding watch
Jan 20 11:55:51 vadcslest01 nscd[71793]: 71793 failed to add file watch `/etc/resolv.conf`: Permission denied

Example of the problem configuration file:

manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf:
    file.managed:
    -   name: /etc/nscd.conf
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/nscd.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 640
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf:
    file.managed:
    -   name: /etc/resolv.conf
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/resolv.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 644

Resolution

Use the workaround below until the fix is released. Change the configuration file as follows:

manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf.tmp:
    file.managed:
    -   name: /etc/nscd.conf.tmp
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/nscd.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 640
manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf:
    file.rename:
    -   source: /etc/nscd.conf.tmp
    -   name: /etc/nscd.conf
    -   force: True
    -   makedirs: true
    - require:
        - file: manager_org_1.SLES15_Basic_Config_LAN./etc/nscd.conf.tmp
    
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf.tmp:
    file.managed:
    -   name: /etc/resolv.conf.tmp
    -   source: salt://manager_org_1/SLES15_Basic_Config_LAN/etc/resolv.conf
    -   makedirs: true
    -   template: jinja
    -   user: root
    -   group: root
    -   mode: 644
    
manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf:
    file.rename:
    -   source: /etc/resolv.conf.tmp
    -   name: /etc/resolv.conf
    -   force: True
    -   makedirs: true
    - require:
        - file: manager_org_1.SLES15_Basic_Config_LAN./etc/resolv.conf.tmp

The change in file name doesn't throw the error when highstate is applied.

Cause

There was a change in the salt code which causes the issue, which has been reported to the Engineering.

Status

Reported to Engineering

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.