Waiting for conversion

Unitron_Group · February 23, 2024, 4:28pm

Hi,
in xibo 4.07(docker version) if I add to a layout a playlist with jpg images and want to publish the layout, I get the waiting for conversion error.

regards,
Manole

pitoco02 · February 24, 2024, 5:16pm

May your CMS tasks are not running properly.

Go to: https://yourcms.com/task/view

Check all tasks, but take a look in the Image Processing task:

Tell us what you get after this.

Unitron_Group · February 26, 2024, 9:18am

is active but can’t see if is properly running.
if I upload the pictures directly on the layout is working properly but if I put it in a playlist I get the pending error.
in version 3.3.9 is working ok, only from version 4.x not anymore.

Unitron_Group · February 26, 2024, 10:19pm

something wrong with cron in the version 4 container.

Unitron_Group · February 27, 2024, 11:42am

As a workaround commenting the module pam_loginuid.so inside /etc/pam.d/cron and restart cron helps
I use podman

podman exec -ti CONTAINER ID bash

sed -i '/session required pam_loginuid.so/c\#session required pam_loginuid.so' /etc/pam.d/cron

this works also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762157

change pam_loginuid.so from required to optional in the /etc/pam.d/cron configuration

eldarium · February 28, 2024, 1:35pm

THANK ! YOU !
Was struggling on that for weeks (exact same symptoms and same OK versions, also using Podman)
Ping @natasha to see if that can be fixed in future releases.

Unitron_Group · February 28, 2024, 1:48pm

I added --cap-add AUDIT_CONTROL to docker-compose.yml and for me is working

reference:

github.com/containers/podman

Cannot ssh to container for operation permitted on /proc/self/loginuid

opened 04:32AM - 26 Jan 22 UTC

closed 06:54PM - 09 Feb 22 UTC

vikas-goel

kind/bug locked - please file new issue/PR

/kind bug Regression **Description** I have a container with SSH runnin…g inside. I have added AUDIT_WRITE capability to the container. After updating podman to mainline, unable to SSH to the container. **Steps to reproduce the issue:** 1. Add "AUDIT_WRITE" to the default_capabilities list in /usr/share/containers/containers.conf file 2. Put SELinux in Permissive mode 3. Start a container with public IP address and run sshd inside 4. Login to the container using the public IP address **Describe the results you received:** SSH connection breaks as soon after credentials is verified and PAM tries to open session. /var/log/secure log ``` Jan 25 20:12:17 myhost sshd[278]: Accepted password for myuser from 1x.yy.aa.bb port 51250 ssh2 Jan 25 20:12:17 myhost sshd[278]: pam_loginuid(sshd:session): Error writing /proc/self/loginuid: Operation not permitted Jan 25 20:12:17 myhost sshd[278]: pam_loginuid(sshd:session): set_loginuid failed Jan 25 20:12:17 myhost sshd[278]: pam_unix(sshd:session): session opened for user myuser by (uid=0) Jan 25 20:12:17 myhost sshd[278]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session Jan 25 20:12:17 myhost sshd[280]: Received disconnect 1x.yy.aa.bb port 51250:11: disconnected by user Jan 25 20:12:17 myhost sshd[280]: Disconnected from 1x.yy.aa.bb port 51250 ``` SSH server logs when run in debug mode ``` debug1: userauth-request for user myuser service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] debug1: PAM: password authentication accepted for myuser debug1: do_pam_account: called Accepted password for appadmin from 1x.yy.aa.bb port 51228 ssh2 debug1: monitor_child_preauth: myuser has been authenticated by privileged process debug1: monitor_read_log: child log fd closed debug1: temporarily_use_uid: 1000/100 (e=0/0) debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism debug1: restore_uid: 0/0 debug1: SELinux support disabled debug1: PAM: establishing credentials PAM: pam_open_session(): Cannot make/remove an entry for the specified session User child is on pid 311 debug1: PAM: establishing credentials debug1: permanently_set_uid: 1000/100 debug1: rekey after 4294967296 blocks debug1: rekey after 4294967296 blocks debug1: ssh_packet_set_postauth: called debug1: Entering interactive session for SSH2. debug1: server_init_dispatch debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0 debug1: server_input_channel_req: channel 0 request pty-req reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_new: session 0 debug1: SELinux support disabled debug1: session_pty_req: session 0 alloc /dev/pts/2 debug1: server_input_channel_req: channel 0 request env reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req env debug1: server_input_channel_req: channel 0 request shell reply 1 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell Starting session: shell on pts/2 for myuser from 1x.yy.aa.bb port 51228 id 0 debug1: Setting controlling tty using TIOCSCTTY. debug1: Received SIGCHLD. debug1: session_by_pid: pid 312 debug1: session_exit_message: session 0 channel 0 pid 312 debug1: session_exit_message: release channel 0 debug1: session_by_tty: session 0 tty /dev/pts/2 debug1: session_pty_cleanup: session 0 release /dev/pts/2 Received disconnect from 1x.yy.aa.bb port 51228:11: disconnected by user Disconnected from 1x.yy.aa.bb port 51228 debug1: do_cleanup debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: deleting credentials ``` **Describe the results you expected:** SSH connection should work. **Additional information you deem important (e.g. issue happens only occasionally):** Always **Output of `podman version`:** ``` Client: Podman Engine Version: 4.0.0-dev API Version: 4.0.0-dev Go Version: go1.17.5 Git Commit: be722e59eca6cf4b8f9249825e044930d6534f74 Built: Mon Jan 24 12:57:44 2022 OS/Arch: linux/amd64 ``` **Output of `podman info --debug`:** ``` host: arch: amd64 buildahVersion: 1.24.0-dev cgroupControllers: - cpuset - cpu - cpuacct - blkio - memory - devices - freezer - net_cls - perf_event - net_prio - hugetlb - pids - rdma cgroupManager: systemd cgroupVersion: v1 conmon: package: conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64 path: /usr/bin/conmon version: 'conmon version 2.0.29, commit: 0f5bee61b18d4581668e5bf18b910cda3cff5081' cpus: 8 distribution: distribution: '"rhel"' version: "8.5" eventLogger: file hostname: myhost idMappings: gidmap: null uidmap: null kernel: 4.18.0-348.12.2.el8_5.x86_64 linkmode: dynamic logDriver: journald memFree: 14842597376 memTotal: 33511686144 networkBackend: cni ociRuntime: name: runc package: runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64 path: /usr/bin/runc version: |- runc version 1.0.2 spec: 1.0.2-dev go: go1.16.7 libseccomp: 2.5.2 os: linux remoteSocket: path: /run/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_AUDIT_WRITE,CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: false seccompEnabled: true seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true serviceIsRemote: false slirp4netns: executable: /usr/bin/slirp4netns package: slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64 version: |- slirp4netns version 1.1.8 commit: d361001f495417b880f20329121e3aa431a8f90f libslirp: 4.4.0 SLIRP_CONFIG_VERSION_MAX: 3 libseccomp: 2.5.2 swapFree: 20002631680 swapTotal: 20002631680 uptime: 152h 25m 6s (Approximately 6.33 days) plugins: log: - k8s-file - none - passthrough - journald network: - bridge - macvlan - ipvlan volume: - local - filevol registries: search: - registry.fedoraproject.org - registry.access.redhat.com - registry.centos.org - docker.io store: configFile: /etc/containers/storage.conf containerStore: number: 4 paused: 0 running: 2 stopped: 2 graphDriverName: overlay graphOptions: overlay.mountopt: nodev,metacopy=on graphRoot: /var/lib/containers/storage graphStatus: Backing Filesystem: xfs Native Overlay Diff: "false" Supports d_type: "true" Using metacopy: "true" imageCopyTmpDir: /var/tmp imageStore: number: 5 runRoot: /run/containers/storage volumePath: /var/lib/containers/storage/volumes version: APIVersion: 4.0.0-dev Built: 1643057864 BuiltTime: Mon Jan 24 12:57:44 2022 GitCommit: be722e59eca6cf4b8f9249825e044930d6534f74 GoVersion: go1.17.5 OsArch: linux/amd64 Version: 4.0.0-dev ``` **Package info (e.g. output of `rpm -q podman` or `apt list podman`):** ``` Local podman build from mainline ``` **Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)** Yes **Additional environment details (AWS, VirtualBox, physical, etc.):** RHEL 8.5 VM

eldarium · February 28, 2024, 2:39pm

So, that only concerns Podman users and not Docker ones, from what I understood ?

Unitron_Group · February 28, 2024, 3:12pm

I think so.
just tested and if I start podman-compose through systemd service is also working without modifications.