Actions
Bug #14789
closed
puppetlabs-apache 1.9.0 adds phusionpassenger yum repo
Difficulty:
Triaged:
Description
See https://github.com/puppetlabs/puppetlabs-apache/commit/9996cb23
The result:
mmoll@ice:/tmp/sosreport-foreman-el7.example.com-20160422074236/etc/yum.repos.d$ cat passenger.repo [passenger] name=passenger baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch enabled=1 gpgcheck=0 repo_gpgcheck=1 gpgkey=https://packagecloud.io/gpg.key sslcacert=/etc/pki/tls/certs/ca-bundle.crt sslverify=1
I guess it is a problem to have this repo, even if no packages are pulled from it(?), as for sites that have thier own mirrored repos and no internet access, the repo update will fail.
Updated by Anonymous over 8 years ago
- Related to Feature #14788: Ubuntu/xenial tracker issue added
Updated by Dominic Cleal over 8 years ago
It might not be our preferred setup, but with the exception of some SELinux issues, the packages should be installed from this repo and work OK.
Updated by Dominic Cleal over 8 years ago
- Translation missing: en.field_release set to 136
A downside of these packages is that they're not compatible with EL6 when SELinux is enforcing - they actually fail to install:
Execution of '/usr/bin/yum -d 0 -e 0 -y install mod_passenger' returned 1: Error in PREIN scriptlet in rpm package passenger-5.0.27-8.el6.x86_64 %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1 install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6 /Stage[main]/Apache::Mod::Passenger/Apache::Mod[passenger]/Package[mod_passenger]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install mod_passenger' returned 1: Error in PREIN scriptlet in rpm package passenger-5.0.27-8.el6.x86_ 64 %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1 install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6
# rpm -ivh passenger-5.0.27-8.el6.x86_64.rpm Preparing... ########################################### [100%] !!!! PASSENGER CANNOT BE INSTALLED: KERNEL TOO OLD !!!! You are currently running kernel 2.6.32-358.el6.x86_64, with SELinux policy version 24. However, Passenger's SELinux policy requires kernel >= 2.6.39, with support for policy version >= 25. There are two ways to solve this problem: Alternative 1: upgrade your kernel to at least 2.6.39, then reinstall Passenger. -OR- Alternative 2: disable SELinux. Edit /etc/selinux/config, set SELINUX=disabled, reboot, then reinstall Passenger. error: %pre(passenger-5.0.27-8.el6.x86_64) scriptlet failed, exit status 1 error: install: %pre scriptlet failed (2), skipping passenger-5.0.27-8.el6
Updated by Dominic Cleal over 8 years ago
- Related to Feature #14945: Add support for configuring Hiera added
Updated by Dominic Cleal over 8 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
Updated by Lukas Zapletal over 8 years ago
For the record, I believe these are denials caused by this:
llow httpd_t foreman_enc_t:file { ioctl execute read open getattr execute_no_trans };
allow httpd_t foreman_log_t:file { write open };
allow httpd_t foreman_var_run_t:dir { write rmdir read remove_name create add_name };
allow httpd_t foreman_var_run_t:file { rename setattr read create write ioctl unlink open append };
allow httpd_t puppet_etc_t:dir read;
allow httpd_t puppet_log_t:dir { write add_name };
allow httpd_t puppet_log_t:file { write create open };
allow httpd_t puppet_var_lib_t:dir { write rmdir relabelto relabelfrom remove_name create add_name };
allow httpd_t puppet_var_lib_t:file { rename write setattr relabelfrom relabelto create };
allow httpd_t self:capability sys_ptrace;
#!!!! This avc can be allowed using the boolean 'httpd_run_stickshift'
allow httpd_t self:capability { fowner fsetid };
allow httpd_t self:capability2 block_suspend;
#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow httpd_t unreserved_port_t:udp_socket name_bind;
*******************************************************************
type=AVC msg=audit(1462976395.638:1831): avc: denied { write } for pid=24541 comm="diagnostic_con*" name="cache" dev="tmpfs" ino=118682 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:foreman_var_run_t:s0 tclass=dir
type=AVC msg=audit(1462976395.655:1832): avc: denied { block_suspend } for pid=1914 comm="PassengerAgent" capability=36 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability2
type=AVC msg=audit(1462976400.005:1833): avc: denied { sys_ptrace } for pid=1903 comm="PassengerAgent" capability=19 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1462974941.898:1711): avc: denied { create } for pid=24900 comm="ruby" name="centos7-bats.example.com-push-facts.yaml" scontext
=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
type=AVC msg=audit(1462974941.898:1711): avc: denied { write } for pid=24900 comm="ruby" path="/var/lib/puppet/yaml/foreman/centos7-bats.example.c
om-push-facts.yaml" dev="vda3" ino=532212 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
type=AVC msg=audit(1462974942.124:1712): avc: denied { setattr } for pid=24723 comm="ruby" name="centos7-bats.example.com.yaml20160511-24718-m7oeo
1" dev="vda3" ino=403081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
Updated by Dominic Cleal over 8 years ago
- Related to deleted (Feature #14945: Add support for configuring Hiera)
Updated by Dominic Cleal over 8 years ago
- Blocked by Feature #14945: Add support for configuring Hiera added
Updated by The Foreman Bot over 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman-installer/pull/185 added
Updated by The Foreman Bot over 8 years ago
- Pull request https://github.com/theforeman/foreman-packaging/pull/1166 added
Updated by Dominic Cleal over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset e5dce673886caee6bebfc0ad91e19d43bbabb737.
Updated by Stephen Benjamin over 8 years ago
- Related to Bug #15393: katello install failing due to passenger error added
Actions