harvester icon indicating copy to clipboard operation
harvester copied to clipboard
verified publisher icon harvester

[BUG] All Elemental Systemd services are marked executable (`ls -all /usr/lib/systemd/system/elemental-*-*.service`)

Open irishgordo opened this issue 1 year ago • 1 comments

Describe the bug On first boot of a single node Harvester cluster journalctl --follow shows that all elemental systemd services are marked executable and the logs say that they should not.

To Reproduce Steps to reproduce the behavior:

  1. Create a single-node Harvester cluster
  2. Shell into the instance, rancher@ipv4:
    1. jump in as sudo, sudo su
    2. watch as the node comes up for the logs journalctl --follow

Expected behavior If it is not an error having an elemental systemd .service file being executable, that the logs would not show that message - if it is in error having the elemental .service systemd files being executable, then maybe they shouldn't be.

Environment

  • Harvester ISO version: v1.3-head
  • Underlying Infrastructure: bare-metal / qemu-kvm

Additional context Journalctl Example log:

Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-initramfs.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-reconcile.timer is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-reconcile.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-network.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-boot.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-rootfs.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Jun 03 17:57:38 testnode4-v13head0603 systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-fs.service is marked executable. Please remove executable permission bits. Proceeding anyway.

And additionally after the node is booted fully (Harvester VIP) is accessible, sill noting:

Last login: Mon Jun  3 17:54:04 2024 from 192.168.9.163
rancher@testnode4-v13head0603:~> sudo su
testnode4-v13head0603:/home/rancher # file /usr/lib/systemd/system/elemental-setup-fs.service 
/usr/lib/systemd/system/elemental-setup-fs.service: ASCII text
testnode4-v13head0603:/home/rancher # ls -all /usr/lib/systemd/system/elemental-setup-fs.service
-rwxr-xr-x. 1 root root 261 May 31 02:29 /usr/lib/systemd/system/elemental-setup-fs.service
testnode4-v13head0603:/home/rancher #

irishgordo avatar Jun 03 '24 18:06 irishgordo

This issue is stale because it has been open for 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Oct 18 '24 02:10 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Oct 24 '24 02:10 github-actions[bot]

Seeing something similar on Harvester 1.6.0-rc5 after successful install and reboot:

Aug 15 21:14:43 junglebox rancher-system-agent[65051]: time="2025-08-15T21:14:43Z" level=info msg="[d0f90e51c7fb1b289ebac4904feaed5e61bee306ad01a42b3c2d161681741ace_0:stdout]: [INFO]  updating tarball contents to reflect install path"
Aug 15 21:14:43 junglebox rancher-system-agent[65051]: time="2025-08-15T21:14:43Z" level=info msg="[d0f90e51c7fb1b289ebac4904feaed5e61bee306ad01a42b3c2d161681741ace_0:stdout]: [INFO]  moving systemd units to /etc/systemd/system"
Aug 15 21:14:43 junglebox rancher-system-agent[65051]: time="2025-08-15T21:14:43Z" level=info msg="[d0f90e51c7fb1b289ebac4904feaed5e61bee306ad01a42b3c2d161681741ace_0:stdout]: [INFO]  install complete; you may want to run:  export PATH=$PATH:/opt/rke2/bin"
Aug 15 21:14:43 junglebox systemd[1]: Reloading.
Aug 15 21:14:43 junglebox systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-initramfs.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Aug 15 21:14:43 junglebox systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-reconcile.timer is marked executable. Please remove executable permission bits. Proceeding anyway.
Aug 15 21:14:43 junglebox systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-reconcile.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Aug 15 21:14:43 junglebox systemd[1]: Configuration file /usr/lib/systemd/system/elemental-setup-network.service is marked executable. Please remove executable permission bits. Proceeding anyway.

thadguidry avatar Aug 15 '25 21:08 thadguidry

I checked the v1.5.1 and v1.6.0-rc6. It appears that these services are also executable.

reopen it for tracking

Vicente-Cheng avatar Aug 17 '25 14:08 Vicente-Cheng

AFAIK this is largely cosmetic, but I agree we should fix it. This was fixed in elemental-toolkit (see https://github.com/rancher/elemental-toolkit/issues/1895 and https://github.com/rancher/elemental-toolkit/pull/1961) but the commit with the fix (https://github.com/rancher/elemental-toolkit/commit/ca17862e390c706beeb0fc5abd74e7e43e04fd73) only made it into elemental-toolkit v2.x, and we're still on v1.7.

We should pick up elemental-toolkit v2.x when we rebase on SL Micro 6.x, but in the meantime a quick fix might be to just add a chmod a-x /usr/lib/systemd/system/elemental*.service somewhere in our build process...

tserong avatar Aug 18 '25 07:08 tserong