Oracle Linux 8 Client - patch issue - all security fixlets - relevant or not relevant? help

I’m having an issue where all my Oracle Linux 8 clients have a ton of security fixlets reported as relevant in the console, reported relevant in the log initially and then reported non-relevant in the log (as usual as part of the fixlet log flow), exits with an exit code=1, but the patch actions status is reported as Failed with Exit code 1 and the fixlet remains in the relevant fixlets list for the clients.

This is happening to all our 8 Oracle Linux Servers for fixlets with the following naming: “ELBA-###-###-oracle linux” and “ELSA-###-###-oracle linux”

Here’s the Log from one of the clients (/var/opt/BESClient/__BESData/__Global/Logs/YYYMMDD.log):

Successful Synchronization with site ‘actionsite’ (version 554) - 'http://myservername:52311/cgi-bin/bfgather.exe/actionsite’
Successful Synchronization with site ‘mailboxsite’ (version 9) - ‘http://myservername:52311/cgi-bin/bfgather.exe/mailboxsite1619820185’
[ThreadTime:23:56:22] SetupListener success: IPV4/6
Encryption: optional encryption with no certificate; reports in cleartext
Report posted successfully
At 23:56:58 -0400 -
GatherHashMV command received.
At 23:56:59 -0400 - mailboxsite (http://myservername:52311/cgi-bin/bfgather.exe/mailboxsite1619820185)
Downloaded ‘http://myservername:52311/mailbox/files/da/d5/dad5a7a3091c31d5397fbcb20044f282d5e78ad4’ as 'Action 1433.fxf’
Gather::SyncSiteByFile adding files - count: 1
At 23:56:59 -0400 -
Successful Synchronization with site ‘mailboxsite’ (version 10) - 'http://myservername:52311/cgi-bin/bfgather.exe/mailboxsite1619820185’
Processing action site.
At 23:56:59 -0400 - mailboxsite (http://myservername:52311/cgi-bin/bfgather.exe/mailboxsite1619820185)
Relevant - ELSA-2020-4670 - Oracle Linux idm:DL1 and idm:client security, bug fix, and enhancement update - Oracle Linux 8 x86_64 (fixlet:1433)
At 23:57:00 -0400 -
ActionLogMessage: (action:1433) Action signature verified for Execution
ActionLogMessage: (action:1433) starting action
At 23:57:00 -0400 - actionsite (http://myservername:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded parameter “sitefolder” = “/var/opt/BESClient/__BESData/Patches for Oracle Linux 8” (action:1433)
Command succeeded parameter “EDR_DeployDataDir” = “/var/opt/BESClient/EDRDeployData/” (action:1433)
Command succeeded parameter “cwd” = “/var/opt/BESClient/EDRDeployData/” (action:1433)
Command succeeded parameter “fixletid” = “20467001” (action:1433)
Command succeeded parameter “t0” = “” (action:1433)
Command succeeded parameter “t1” = “” (action:1433)
Command succeeded parameter “t2” = “” (action:1433)
Command succeeded parameter “t3” = “” (action:1433)
Command succeeded parameter “t4” = “” (action:1433)
Command succeeded parameter “t5” = “” (action:1433)
Command succeeded parameter “t6” = “” (action:1433)
Command succeeded parameter “t7” = “” (action:1433)
Command succeeded parameter “t8” = “” (action:1433)
Command succeeded parameter “t9” = “” (action:1433)
Command succeeded parameter “t10” = “” (action:1433)
Command succeeded parameter “t11” = “” (action:1433)
Command succeeded parameter “t12” = “” (action:1433)
Command succeeded parameter “t13” = “” (action:1433)
Command succeeded parameter “t14” = “” (action:1433)
Command succeeded parameter “t15” = “” (action:1433)
Command succeeded parameter “t16” = “” (action:1433)
Command succeeded parameter “t17” = “” (action:1433)
Command succeeded parameter “t18” = “” (action:1433)
Command succeeded parameter “t19” = “” (action:1433)
Command succeeded parameter “t20” = “” (action:1433)
Command succeeded parameter “t21” = “” (action:1433)
Command succeeded parameter “t22” = “” (action:1433)
Command succeeded parameter “t23” = “” (action:1433)
Command succeeded parameter “t24” = “python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch” (action:1433)
Command succeeded parameter “t25” = “” (action:1433)
Command succeeded parameter “t26” = “” (action:1433)
Command succeeded parameter “t27” = “” (action:1433)
Command succeeded parameter “t28” = “” (action:1433)
Command succeeded parameter “packages” = " python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch " (action:1433)
Command started - wait /bin/bash “/var/opt/BESClient/__BESData/Patches for Oracle Linux 8/InstallPackages.sh” -f “20467001” -l “/var/opt/BESClient/EDRDeployData/” python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch (action:1433)
At 23:57:02 -0400 - actionsite (http://myservername:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (Exit Code=1) wait /bin/bash “/var/opt/BESClient/__BESData/Patches for Oracle Linux 8/InstallPackages.sh” -f “20467001” -l “/var/opt/BESClient/EDRDeployData/” python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch (action:1433)
At 23:57:02 -0400 -
ActionLogMessage: (action:1433) ending action
At 23:57:02 -0400 - mailboxsite (http://myservername:52311/cgi-bin/bfgather.exe/mailboxsite1619820185)
Not Relevant - ELSA-2020-4670 - Oracle Linux idm:DL1 and idm:client security, bug fix, and enhancement update - Oracle Linux 8 x86_64 (fixlet:1433)


Rerunning the fixlet action returns the same results… reported as relevant, all the stuff goes through, and then non relevant… it's like it was never run before.

The relevance clause is required for the relevance to place it in the list of relevant fixlets for a client… and the clients are listed in the applicable computers for the fixlet… so what’s the deal?

– the description of the fixlet reads:

Oracle Linux idm:DL1 bug fix update.

For more information, see the corresponding Oracle Linux errata page.

Target RPMs

bind-dyndb-ldap-11.6-2.module+el8.4.0+20088+3d202164.x86_64.rpm
custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm
ipa-client-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.x86_64.rpm
ipa-client-common-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-client-epn-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.x86_64.rpm
ipa-client-samba-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.x86_64.rpm
ipa-common-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-healthcheck-0.7-3.module+el8.4.0+20088+3d202164.noarch.rpm
ipa-healthcheck-core-0.7-3.module+el8.4.0+20088+3d202164.noarch.rpm
ipa-python-compat-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-selinux-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-server-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.x86_64.rpm
ipa-server-common-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-server-dns-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
ipa-server-trust-ad-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.x86_64.rpm
opendnssec-2.1.7-1.module+el8.4.0+20088+3d202164.x86_64.rpm
python3-custodia-0.6.0-3.module+el8.3.0+7868+2151076c.noarch.rpm
python3-ipaclient-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
python3-ipalib-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
python3-ipaserver-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
python3-ipatests-4.9.2-4.0.2.module+el8.4.0+20421+d66d64cb.noarch.rpm
python3-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c.noarch.rpm
python3-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c.noarch.rpm
python3-pyusb-1.0.0-9.module+el8.3.0+7868+2151076c.noarch.rpm
python3-qrcode-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm
python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c.noarch.rpm
python3-yubico-1.3.2-9.module+el8.3.0+7868+2151076c.noarch.rpm
slapi-nis-0.56.6-2.1.module+el8.4.0+20393+6d4ac663.x86_64.rpm
softhsm-2.6.0-5.module+el8.4.0+20161+5ecb5b37.x86_64.rpm
softhsm-devel-2.6.0-5.module+el8.4.0+20161+5ecb5b37.x86_64.rpm
Note: A target package only installs if a previous version of that package exists on the targeted system. Additionally, the action also attempts to find and install all required dependency packages. It is possible that the dependencies might conflict with existing packages on the endpoint.

Note: Repository metadata are downloaded on the endpoint. The number of files, download size, and file size reflect the target packages only.


Your help is greatly appreciated.
Thanks

Here’s an EDR log from the client:
[Fri Jul 29 12:16:15 EDT 2022] Install containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64 :
[Fri Jul 29 12:16:17 EDT 2022] 22181601 Install Failure: dnf -y install containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64 - Error:
[Fri Jul 29 12:16:17 EDT 2022] 22181601 ____ Last metadata expiration check: 3:47:54 ago on Fri 29 Jul 2022 08:28:22 AM EDT.
All matches were filtered out by modular filtering for argument: containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64
Error: Unable to find a match: containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64
[Fri Jul 29 12:16:17 EDT 2022] 22181601 ____ Failed to test install the following packages:
[Fri Jul 29 12:16:17 EDT 2022] 22181601 ____ containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64
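
A triage sketch for the two logs quoted above, added here as an example; it is not part of the original post and not BigFix code. It reads the exit code rather than the "Command succeeded" wording in the client log, and pulls out the packages that dnf rejected through modular filtering in the EDR log. The function names and the trimmed sample lines are assumptions made for illustration.

```python
import re

# Constructed input: lines adapted from the two logs quoted in the post
# (ASCII quotes, arguments trimmed). The action:1500 line is invented as a passing case.
BES_LOG = """\
Command started - wait /bin/bash "/var/opt/BESClient/__BESData/Patches for Oracle Linux 8/InstallPackages.sh" -f "20467001" (action:1433)
Command succeeded (Exit Code=1) wait /bin/bash "/var/opt/BESClient/__BESData/Patches for Oracle Linux 8/InstallPackages.sh" -f "20467001" (action:1433)
Command succeeded (Exit Code=0) wait /bin/true (action:1500)
"""
EDR_LOG = """\
[Fri Jul 29 12:16:17 EDT 2022] 22181601 Install Failure: dnf -y install containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64 - Error:
All matches were filtered out by modular filtering for argument: containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64
Error: Unable to find a match: containers-common-1-28.0.1.module+el8.6.0+20653+f0833761.x86_64
"""

EXIT_RE = re.compile(r"Command succeeded \(Exit Code=(\d+)\) (.*) \(action:(\d+)\)")
FIXLET_RE = re.compile(r'-f "(\d+)"')
MODFILTER_RE = re.compile(r"filtered out by modular filtering for argument: (\S+)")


def failed_actions(log):
    """Return actions whose command line is logged as 'succeeded' but with a non-zero exit code."""
    found = []
    for m in EXIT_RE.finditer(log):
        code, cmd, action = int(m.group(1)), m.group(2), int(m.group(3))
        if code != 0:
            fixlet = FIXLET_RE.search(cmd)  # value passed to InstallPackages.sh -f
            found.append({"action": action, "exit_code": code,
                          "fixlet_id": fixlet.group(1) if fixlet else None})
    return found


def modular_filter_failures(log):
    """Return packages that dnf excluded through modular filtering."""
    found = []
    for nevra in MODFILTER_RE.findall(log):
        name = nevra.rsplit("-", 2)[0]  # strip the version and release.arch fields
        found.append({"name": name, "nevra": nevra,
                      "modular_build": ".module+" in nevra})
    return found


if __name__ == "__main__":
    for a in failed_actions(BES_LOG):
        print("action %(action)s exit=%(exit_code)s fixlet=%(fixlet_id)s" % a)
    for p in modular_filter_failures(EDR_LOG):
        # On the endpoint, compare p["name"] against the output of `dnf module list`.
        print("modular filtering blocked:", p["name"], p["nevra"])
```
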