Rocky 9.4 bootstrapping bug

[gbts]

There's a small issue preventing the headnode from booting on the new Rocky 9.4 AMIs. The failure is in this step:

cookbooks/aws-parallelcluster-environment/resources/system_authentication/system_authentication_rocky8.rb

authselect select sssd with-mkhomedir fails with the following error:

[error] File [/etc/pam.d/system-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/password-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/fingerprint-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/smartcard-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/postlogin] exists but it needs to be overwritten!
[error] File [/etc/nsswitch.conf] exists but it needs to be overwritten!
[error] File that needs to be overwritten was found
[error] Refusing to activate profile unless this file is removed or overwrite is requested.

Some unexpected changes to the configuration were detected.
Use --force parameter if you want to overwrite these changes.

As it suggests, adding the --force parameter fixes it, although I'm not sure if there any side-effects. I'm seeing a similar bug report on RHEL's issue tracker so this possibly affects RHEL 9.4 too.

[himani2411]

Hi @gbts,

Sorry for the late reply.

Is the issue tracker that you mentioned is this one? https://forums.rockylinux.org/t/changed-permissions-on-etc-in-rl9-4-genericcloud-image/14449/3

If not, can you provide the link on that tracker?

Also, can we get the AMI ID that you are using so that I can replicate the issue.

Thanks

[gbts]

Sorry for the late reply on my part too. I'm seeing this error with both the marketplace rocky 9.4 AMI (ami-09fb459fad4613d55) and the official AMI from rocky's website that just had the same issue, ami-09d1c0fa810f404d6

It's been a few weeks now so I can't find the RHEL bug report, but you can easily replicate it by launching either of those AMIs and running that command, you should see the following output:

[root@* ~]# authselect select sssd with-mkhomedir
[error] File [/etc/pam.d/system-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/password-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/fingerprint-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/smartcard-auth] exists but it needs to be overwritten!
[error] File [/etc/pam.d/postlogin] exists but it needs to be overwritten!
[error] File [/etc/nsswitch.conf] exists but it needs to be overwritten!
[error] File that needs to be overwritten was found
[error] Refusing to activate profile unless this file is removed or overwrite is requested.

Some unexpected changes to the configuration were detected.
Use --force parameter if you want to overwrite these changes.

[gbts]

I think this is the bug report I was referring to: https://access.redhat.com/solutions/7057219

[gbts]

Jst noticed another small issue starting up a cluster with the same AMIs, munged refuses to start because /etc is group-writeable. Changing the permissions fixes the issue and the cluster comes up normally.