NS8: After uninstall and reinstall there's no admin user anymore

Support
1

Environment: NS8 on Rocky Linux 9.1 installed from ISO on Proxmox

After uninstall and reinstall there’s no admin user anymore:

[root@rocky1 ~]# redis-cli acl getuser admin
(nil)

I tried to setup the admin again:

[root@rocky1 ~]# api-cli run alter-user --data '{"user":"admin","set":{"password":"Nethesis,1234"},"revoke":[],"grant":[]}'
Warning: using user "cluster" credentials from the environment
""
[root@rocky1 ~]# redis-cli acl getuser admin
 1) "flags"
 2) 1) "on"
 3) "passwords"
 4) 1) "648a5db6b14800f4009f62ec6bdbd04b91b6b25179c92626839e3a91fb32da5e"
 5) "commands"
 6) "-@all"
 7) "keys"
 8) ""
 9) "channels"
10) ""
11) "selectors"
12) (empty array)
[root@rocky1 ~]# systemctl status api-server
● api-server.service - Cluster API server
     Loaded: loaded (/etc/systemd/system/api-server.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2023-05-16 00:47:53 CEST; 9min ago
    Process: 9741 ExecStartPre=mkdir -vp -m 0700 ${SECRETS_DIR}/node ${SECRETS_DIR}/module ${TOKENS_DIR}/node ${TOKENS_DIR}/module (code=exited, status=0/SUCCESS)
   Main PID: 9754 (api-server)
      Tasks: 8 (limit: 23137)
     Memory: 35.3M
        CPU: 873ms
     CGroup: /system.slice/api-server.service
             └─9754 /usr/local/bin/api-server

May 16 00:55:05 rocky1.ns8.mrmarkuz.ddnss.eu api-server[9754]: [AUTH] error retrieving user authorizations: redis: nil

But login doesn’t work, following error in /var/log/messages:

May 16 00:58:03 rocky1 api-server[9754]: [AUTH] error retrieving user authorizations: redis: nil

/var/log/audit/audit.log:

type=SERVICE_START msg=audit(1684190873.057:632): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=agent@cluster comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1684190873.080:633): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=agent@node comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1684190873.094:634): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=api-server comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1684190877.571:635): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=BPF msg=audit(1684190877.592:636): prog-id=0 op=UNLOAD
type=BPF msg=audit(1684190877.592:637): prog-id=0 op=UNLOAD
type=ADD_GROUP msg=audit(1684190879.588:638): pid=10354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-group acct="traefik1" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=ADD_USER msg=audit(1684190879.594:639): pid=10354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-user acct="traefik1" exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=USER_MGMT msg=audit(1684190879.684:640): pid=10354 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=add-home-dir id=1000 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset" ID="traefik1"
type=SERVICE_START msg=audit(1684190880.339:641): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=USER_ACCT msg=audit(1684190880.504:642): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix acct="traefik1" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=CRED_ACQ msg=audit(1684190880.504:643): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=? acct="traefik1" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'^]UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1684190880.504:644): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=LOGIN msg=audit(1684190880.507:645): pid=10410 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=7 res=1^]UID="root" OLD-AUID="unset" AUID="traefik1"
type=SYSCALL msg=audit(1684190880.507:645): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffc343320f0 a2=4 a3=3e8 items=0 ppid=1 pid=10410 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="(systemd)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=write AUID="traefik1" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1684190880.507:645): proctitle="(systemd)"
type=USER_START msg=audit(1684190880.518:646): pid=10410 uid=0 auid=1000 ses=7 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="traefik1" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="traefik1"
type=SERVICE_START msg=audit(1684190880.755:647): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1000 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_START msg=audit(1684191864.097:648): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r1668e5f327f94724a6e8cc3e4c705fc6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SOFTWARE_UPDATE msg=audit(1684191864.106:649): pid=10643 uid=0 auid=0 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="nano-5.6.1-5.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=1 root_dir="/" comm="dnf" exe="/usr/bin/python3.9" hostname=rocky1.ns8.mrmarkuz.ddnss.eu addr=? terminal=pts/0 res=success'^]UID="root" AUID="root"
type=SERVICE_START msg=audit(1684191864.747:650): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1684191864.747:651): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=man-db-cache-update comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1684191864.760:652): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-r1668e5f327f94724a6e8cc3e4c705fc6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"

Last lines of installation procedure on CLI:

Start API server and core agents:
Created symlink /etc/systemd/system/multi-user.target.wants/api-server.service → /etc/systemd/system/api-server.service.
Created symlink /etc/systemd/system/default.target.wants/agent@cluster.service → /etc/systemd/system/agent@.service.
Created symlink /etc/systemd/system/default.target.wants/agent@node.service → /etc/systemd/system/agent@.service.
Grant initial permissions:
Install Traefik:
<7>podman-pull-missing ghcr.io/nethserver/traefik:0.0.12
Trying to pull ghcr.io/nethserver/traefik:0.0.12...
Getting image source signatures
Copying blob sha256:09162905b8134233771eb175fd33ed61e4af6df9fc3b9091950afbcd88df4aae
Copying config sha256:19d93e981c33f9f41bae92b525644f133cfdd431fbdb8cec171d43183fda455b
Writing manifest to image destination
Storing signatures
19d93e981c33f9f41bae92b525644f133cfdd431fbdb8cec171d43183fda455b
<7>extract-ui ghcr.io/nethserver/traefik:0.0.12
Extracting container filesystem ui to /var/lib/nethserver/cluster/ui/apps/traefik1
ui/index.html
eadaee232c41b77ee62ea806ad1d0b462a4e37de34dec3345fff26fb3c294d85
Assertion failed
  File "/var/lib/nethserver/cluster/actions/add-module/50update", line 202, in <module>
    agent.assert_exp(create_module_result['exit_code'] == 0) # Ensure create-module is successful
3 Likes
2

This is for sure unexpected.
We use this procedure to test the system during the development.

Sometimes I saw something similar and the problem was that the uninstall command didn’t complete correctly.
The install procedure spreads a lot of things around the system and if something is not cleaned up correctly, you could face such situation. My advice, in this case, is just a clean install: less quick, but hassle free! :smiley:

1 Like