Bug #14789

closed

puppetlabs-apache 1.9.0 adds phusionpassenger yum repo

Added by Anonymous over 8 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: External modules
Target version:
Fixed in Releases:
Found in Releases:

Description

See https://github.com/puppetlabs/puppetlabs-apache/commit/9996cb23

The result:

mmoll@ice:/tmp/sosreport-foreman-el7.example.com-20160422074236/etc/yum.repos.d$ cat passenger.repo 
[passenger]
name=passenger
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
sslverify=1

I guess it is a problem to have this repo, even if no packages are pulled from it(?), as for sites that have their own mirrored repos and no internet access, the repo update will fail.
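
An added example, not part of the original report or of the installer's code: a check that flags enabled repos in a .repo file which need hosts outside a site's own mirrors, run against the passenger.repo content quoted above. The function name `audit_repo` and the host `mirror.example.com` are assumptions; the check also reports the explicit gpgcheck=0, which turns off package signature verification (repo_gpgcheck=1 only covers repository metadata).

```python
import configparser
from urllib.parse import urlparse

# The passenger.repo content shown in the report above.
PASSENGER_REPO = """\
[passenger]
name=passenger
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
sslverify=1
"""

def audit_repo(text, allowed_hosts):
    """Return (section, finding) tuples for the enabled repos in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        repo = cp[name]
        if repo.get("enabled", "1").strip() != "1":
            continue  # disabled repos are not contacted in a normal yum run
        # Every URL yum has to fetch must resolve to an approved mirror host.
        for key in ("baseurl", "mirrorlist", "gpgkey"):
            for url in repo.get(key, "").split():
                host = urlparse(url).hostname  # None for file:// URLs
                if host and host not in allowed_hosts:
                    findings.append((name, f"{key} needs external host {host}"))
        # Only an explicit gpgcheck=0 is reported; defaults are not guessed.
        if repo.get("gpgcheck", "").strip() == "0":
            findings.append((name, "gpgcheck=0: package signatures are not verified"))
    return findings

if __name__ == "__main__":
    # mirror.example.com is a hypothetical internal mirror.
    for section, finding in audit_repo(PASSENGER_REPO, {"mirror.example.com"}):
        print(f"[{section}] {finding}")
```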


Related issues: 3 (0 open, 3 closed)

Related to Packaging - Feature #14788: Ubuntu/xenial tracker issue (Closed, 04/22/2016)
Related to Katello - Bug #15393: katello install failing due to passenger error (Closed, Stephen Benjamin, 06/13/2016)
Blocked by Kafo - Feature #14945: Add support for configuring Hiera (Closed, Dominic Cleal, 05/06/2016)
Actions #1

Updated by Anonymous over 8 years ago

Actions #2

Updated by Dominic Cleal over 8 years ago

It might not be our preferred setup, but with the exception of some SELinux issues, the packages should be installed from this repo and work OK.

Actions #3

Updated by Dominic Cleal over 8 years ago

  • Translation missing: en.field_release set to 136

A downside of these packages is that they're not compatible with EL6 when SELinux is enforcing - they actually fail to install:

 Execution of '/usr/bin/yum -d 0 -e 0 -y install mod_passenger' returned 1: Error in PREIN scriptlet in rpm package passenger-5.0.27-8.el6.x86_64
 %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1
   install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6
 /Stage[main]/Apache::Mod::Passenger/Apache::Mod[passenger]/Package[mod_passenger]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install mod_passenger' returned 1: Error in PREIN scriptlet in rpm package passenger-5.0.27-8.el6.x86_64
 %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1
   install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6
# rpm -ivh passenger-5.0.27-8.el6.x86_64.rpm
Preparing...                ########################################### [100%]

   !!!! PASSENGER CANNOT BE INSTALLED: KERNEL TOO OLD !!!!

   You are currently running kernel 2.6.32-358.el6.x86_64, with SELinux policy
   version 24. However, Passenger's SELinux policy requires kernel >= 2.6.39,
   with support for policy version >= 25.

   There are two ways to solve this problem:

   Alternative 1: upgrade your kernel to at least 2.6.39, then reinstall
   Passenger.

   -OR-

   Alternative 2: disable SELinux.
   Edit /etc/selinux/config, set SELINUX=disabled, reboot, then
   reinstall Passenger.

error: %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1
error:   install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6
Actions #4

Updated by Dominic Cleal over 8 years ago

Actions #5

Updated by Dominic Cleal over 8 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
Actions #6

Updated by Lukas Zapletal over 8 years ago

For the record, I believe these are denials caused by this:

allow httpd_t foreman_enc_t:file { ioctl execute read open getattr execute_no_trans };
allow httpd_t foreman_log_t:file { write open };
allow httpd_t foreman_var_run_t:dir { write rmdir read remove_name create add_name };
allow httpd_t foreman_var_run_t:file { rename setattr read create write ioctl unlink open append };
allow httpd_t puppet_etc_t:dir read;
allow httpd_t puppet_log_t:dir { write add_name };
allow httpd_t puppet_log_t:file { write create open };
allow httpd_t puppet_var_lib_t:dir { write rmdir relabelto relabelfrom remove_name create add_name };
allow httpd_t puppet_var_lib_t:file { rename write setattr relabelfrom relabelto create };
allow httpd_t self:capability sys_ptrace;

#!!!! This avc can be allowed using the boolean 'httpd_run_stickshift'
allow httpd_t self:capability { fowner fsetid };
allow httpd_t self:capability2 block_suspend;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow httpd_t unreserved_port_t:udp_socket name_bind;

*******************************************************************

type=AVC msg=audit(1462976395.638:1831): avc:  denied  { write } for  pid=24541 comm="diagnostic_con*" name="cache" dev="tmpfs" ino=118682 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=dir
type=AVC msg=audit(1462976395.655:1832): avc:  denied  { block_suspend } for  pid=1914 comm="PassengerAgent" capability=36  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability2
type=AVC msg=audit(1462976400.005:1833): avc:  denied  { sys_ptrace } for  pid=1903 comm="PassengerAgent" capability=19  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability

type=AVC msg=audit(1462974941.898:1711): avc:  denied  { create } for  pid=24900 comm="ruby" name="centos7-bats.example.com-push-facts.yaml" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
type=AVC msg=audit(1462974941.898:1711): avc:  denied  { write } for  pid=24900 comm="ruby" path="/var/lib/puppet/yaml/foreman/centos7-bats.example.com-push-facts.yaml" dev="vda3" ino=532212 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
type=AVC msg=audit(1462974942.124:1712): avc:  denied  { setattr } for  pid=24723 comm="ruby" name="centos7-bats.example.com.yaml20160511-24718-m7oeo1" dev="vda3" ino=403081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
Actions #7

Updated by Dominic Cleal over 8 years ago

  • Related to deleted (Feature #14945: Add support for configuring Hiera)
Actions #8

Updated by Dominic Cleal over 8 years ago

Actions #9

Updated by The Foreman Bot over 8 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-installer/pull/185 added
Actions #10

Updated by The Foreman Bot over 8 years ago

  • Pull request https://github.com/theforeman/foreman-packaging/pull/1166 added
Actions #11

Updated by Dominic Cleal over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #12

Updated by Stephen Benjamin over 8 years ago

  • Related to Bug #15393: katello install failing due to passenger error added