rhel-system-roles/0112-fix-Ensure-user-linger-is-closed-on-EL10.patch

From 7473a31e3a0201131e42281bce9bbf9c88ac04ca Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 31 Jul 2024 18:52:57 -0600
Subject: [PATCH 112/115] fix: Ensure user linger is closed on EL10

Cause: There is an issue with loginctl on EL10 - doing cancel-linger
will leave the user session in the closing state.

Consequence: User sessions accumulate, and the test user cannot
be removed.

Fix: As suggested in the systemd issue, the fix is to shutdown and
restart systemd-logind in this situation.

Result: User cancel-linger works as expected.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
(cherry picked from commit 0ceea96a12bf0b462ca62d012d86cdcbd4f20eaa)
---
 tasks/cancel_linger.yml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/tasks/cancel_linger.yml b/tasks/cancel_linger.yml
index f233fc4..00d38c2 100644
--- a/tasks/cancel_linger.yml
+++ b/tasks/cancel_linger.yml
@@ -58,5 +58,42 @@
       list | length == 0
     - __podman_linger_secrets.stdout == ""
   changed_when: true
+  register: __cancel_linger
   args:
     removes: /var/lib/systemd/linger/{{ __podman_linger_user }}
+
+- name: Wait for user session to exit closing state  # noqa no-handler
+  command: loginctl show-user -P State {{ __podman_linger_user | quote }}
+  register: __user_state
+  changed_when: false
+  until: __user_state.stdout != "closing"
+  when: __cancel_linger is changed
+  ignore_errors: true
+
+# see https://github.com/systemd/systemd/issues/26744#issuecomment-2261509208
+- name: Handle user stuck in closing state
+  when:
+    - __cancel_linger is changed
+    - __user_state is failed
+  block:
+    - name: Stop logind
+      service:
+        name: systemd-logind
+        state: stopped
+
+    - name: Wait for user session to exit closing state
+      command: loginctl show-user -P State {{ __podman_linger_user | quote }}
+      changed_when: false
+      register: __user_state
+      until: __user_state.stderr is match(__pat) or
+        __user_state.stdout != "closing"
+      failed_when:
+        - not __user_state.stderr is match(__pat)
+        - __user_state.stdout == "closing"
+      vars:
+        __pat: "Failed to get user: User ID .* is not logged in or lingering"
+
+    - name: Restart logind
+      service:
+        name: systemd-logind
+        state: started
-- 
2.46.0
System Roles update for 1.23.0-3 Resolves: RHEL-58465 - package rhel-system-roles.noarch does not provide docs for ansible-doc [rhel-8.10.z] Resolves: RHEL-58494 ad_integration - fix: Sets domain name lower case in realmd.conf section header [rhel-8.10.z] Resolves: RHEL-58917 bootloader - bootloader role tests do not work on ostree [rhel-8.10.z] Resolves: RHEL-45711 bootloader - fix: Set user.cfg path to /boot/grub2/ on EL 9 UEFI [rhel-8] Resolves: RHEL-58515 cockpit - cockpit install all wildcard match does not work in newer el9 [rhel-8.10.z] Resolves: RHEL-58485 logging - RFE - system-roles - logging: Add truncate options for local file inputs [rhel-8.10.z] Resolves: RHEL-58481 logging - redhat.rhel_system_roles.logging role fails to process logging_outputs: of type: "custom" [rhel-8.10.z] Resolves: RHEL-58477 logging - [RFE] Add the umask settings or enable a variable in linux-system-roles.logging [rhel-8.10.z] Resolves: RHEL-37550 logging - Setup imuxsock using rhel-system-roles.logging causing an error EL8 Resolves: RHEL-58519 nbde_client - feat: Allow initrd configuration to be skipped [rhel-8.10.z] Resolves: RHEL-58525 podman - fix: proper cleanup for networks; ensure cleanup of resources [rhel-8.10.z] Resolves: RHEL-58511 podman - fix: grab name of network to remove from quadlet file [rhel-8.10.z] Resolves: RHEL-58507 podman - Create podman secret when skip_existing=True and it does not exist [rhel-8.10.z] Resolves: RHEL-58503 podman - fix: do not use become for changing hostdir ownership, and expose subuid/subgid info [rhel-8.10.z] Resolves: RHEL-58498 podman - fix: use correct user for cancel linger file name [rhel-8.10.z] Resolves: RHEL-58460 podman - redhat.rhel_system_roles.podman fails to configure and run containers with podman rootless using different username and groupname. [rhel-8.10.z] Resolves: RHEL-58473 sshd - second SSHD service broken [rhel-8.10.z] Resolves: RHEL-58469 storage - rhel-system-role.storage is not idempotent [rhel-8.10.z] Resolves: RHEL-58489 timesync - System Roles: No module documentation [rhel-8.10.z] (cherry picked from commit 350d523452546e35bb0805af9ad9cc74712899d7) 2024-09-05 20:56:25 +00:00			`From 7473a31e3a0201131e42281bce9bbf9c88ac04ca Mon Sep 17 00:00:00 2001`
			`From: Rich Megginson <rmeggins@redhat.com>`
			`Date: Wed, 31 Jul 2024 18:52:57 -0600`
			`Subject: [PATCH 112/115] fix: Ensure user linger is closed on EL10`

			`Cause: There is an issue with loginctl on EL10 - doing cancel-linger`
			`will leave the user session in the closing state.`

			`Consequence: User sessions accumulate, and the test user cannot`
			`be removed.`

			`Fix: As suggested in the systemd issue, the fix is to shutdown and`
			`restart systemd-logind in this situation.`

			`Result: User cancel-linger works as expected.`

			`Signed-off-by: Rich Megginson <rmeggins@redhat.com>`
			`(cherry picked from commit 0ceea96a12bf0b462ca62d012d86cdcbd4f20eaa)`
			`---`
			`tasks/cancel_linger.yml \| 37 +++++++++++++++++++++++++++++++++++++`
			`1 file changed, 37 insertions(+)`

			`diff --git a/tasks/cancel_linger.yml b/tasks/cancel_linger.yml`
			`index f233fc4..00d38c2 100644`
			`--- a/tasks/cancel_linger.yml`
			`+++ b/tasks/cancel_linger.yml`
			`@@ -58,5 +58,42 @@`
			`list \| length == 0`
			`- __podman_linger_secrets.stdout == ""`
			`changed_when: true`
			`+ register: __cancel_linger`
			`args:`
			`removes: /var/lib/systemd/linger/{{ __podman_linger_user }}`
			`+`
			`+- name: Wait for user session to exit closing state # noqa no-handler`
			`+ command: loginctl show-user -P State {{ __podman_linger_user \| quote }}`
			`+ register: __user_state`
			`+ changed_when: false`
			`+ until: __user_state.stdout != "closing"`
			`+ when: __cancel_linger is changed`
			`+ ignore_errors: true`
			`+`
			`+# see https://github.com/systemd/systemd/issues/26744#issuecomment-2261509208`
			`+- name: Handle user stuck in closing state`
			`+ when:`
			`+ - __cancel_linger is changed`
			`+ - __user_state is failed`
			`+ block:`
			`+ - name: Stop logind`
			`+ service:`
			`+ name: systemd-logind`
			`+ state: stopped`
			`+`
			`+ - name: Wait for user session to exit closing state`
			`+ command: loginctl show-user -P State {{ __podman_linger_user \| quote }}`
			`+ changed_when: false`
			`+ register: __user_state`
			`+ until: __user_state.stderr is match(__pat) or`
			`+ __user_state.stdout != "closing"`
			`+ failed_when:`
			`+ - not __user_state.stderr is match(__pat)`
			`+ - __user_state.stdout == "closing"`
			`+ vars:`
			`+ __pat: "Failed to get user: User ID .* is not logged in or lingering"`
			`+`
			`+ - name: Restart logind`
			`+ service:`
			`+ name: systemd-logind`
			`+ state: started`
			`--`
			`2.46.0`