Bug #14928

Katello-installer fails to install and configure katello/foreman/puppet on centos7.2

Added by Edward Clay about 6 years ago. Updated almost 4 years ago.

Status: Closed
Priority: High
Assignee: -
Category: SElinux

Description

Hello,

I'm having issues getting katello installed on a CentOS 7.2 server with selinux enabled. I get the following errors from the execution of:

katello-installer --capsule-bmc="true" --capsule-dhcp="true" --capsule-dhcp-gateway="10.4.15.1" --capsule-dhcp-interface="enp4s0" --capsule-dhcp-range="10.4.15.240 10.4.15.254" --capsule-dns-interface="enp5s0" --foreman-selinux="true"

Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start  httpd.service
/Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
Installing Done [100%] [..................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/katello-installer.log

I see that port 5000, which seems to be the culprit here, is enabled via commplex_main_port_t.

[root@il-foreman1 ~]# semanage port -l | grep 5000

commplex_main_port_t tcp 5000
commplex_main_port_t udp 5000

If I setenforce 0 on this server it will install and apache will start up on port 5000.

It really isn't our desire to run this server with selinux disabled or in permissive mode. I've seen reports of this issue with CentOS 6.x and RHEL 6.x but not with 7.
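
An added example, not part of the original report or of Katello's own tooling: a shell helper that looks up the exact SELinux label of a port (instead of `grep 5000`, which also matches 50000 and misses ranges) and lists AVC `name_bind` denials for a given process and port. The sample `semanage port -l` and audit lines are constructed, and the httpd denial shown is an assumption, since the report does not include audit log output.

```shell
#!/bin/sh
# Constructed `semanage port -l` excerpt; the commplex lines mirror the report.
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

commplex_main_port_t           tcp      5000
commplex_main_port_t           udp      5000
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'

# Constructed audit records; the httpd denial is assumed, not from the report.
SAMPLE_AUDIT='type=AVC msg=audit(1462300000.123:456): avc:  denied  { name_bind } for  pid=1234 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1462300001.000:457): avc:  denied  { name_connect } for  pid=1300 comm="ruby" dest=5432 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket'

# port_types PROTO PORT: read `semanage port -l` text on stdin and print every
# type whose port list or range covers PORT (a port may sit under a specific
# type and a broad range at the same time).
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            list = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", list)      # keep only the port column
            n = split(list, items, /, */)
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, "-")
                lo = r[1] + 0
                hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# bind_denial_types COMM PORT: read audit records on stdin and print the target
# type of each denied name_bind made by process COMM on source port PORT.
bind_denial_types() {
    awk -v comm="$1" -v port="$2" '
        /avc: +denied/ && /name_bind/ {
            hit_comm = 0; hit_src = 0; t = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "comm=\"" comm "\"") hit_comm = 1
                if ($i == "src=" port) hit_src = 1
                if ($i ~ /^tcontext=/) { split($i, c, ":"); t = c[3] }
            }
            if (hit_comm && hit_src) print t
        }'
}

# Demo on the constructed samples; on a real host, pipe in `semanage port -l`
# and the output of `ausearch -m avc` instead.
printf '%s\n' "$SAMPLE_PORTS" | port_types tcp 5000
printf '%s\n' "$SAMPLE_AUDIT" | bind_denial_types httpd 5000
```

If the type printed by `bind_denial_types` matches the label from `port_types`, the denial is about that port label rather than a file context or boolean, which narrows what to compare against the installed policy.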

History

#1 Updated by Eric Helms about 6 years ago

  • Status changed from New to Need more information

What version of Katello are you seeing this on?

#2 Updated by Edward Clay about 6 years ago

Eric Helms wrote:

What version of Katello are you seeing this on?

2.4.1-1

katello-2.4.1-1.el7.noarch

#3 Updated by Eric Helms about 6 years ago

  • Category set to SElinux
  • Legacy Backlogs Release (now unused) set to 150

#4 Updated by Justin Sherrill almost 6 years ago

  • Legacy Backlogs Release (now unused) changed from 150 to 144

#5 Updated by Eric Helms almost 6 years ago

  • Legacy Backlogs Release (now unused) deleted (144)

#6 Updated by Justin Sherrill almost 6 years ago

Would you be able to upload a foreman-debug from just after an install?

We define the selinux policy for this port here: https://github.com/Katello/katello-selinux/blob/475c04c66fbe01bbfba1ab4a9056f95d838dc517/katello.te#L87-L92

Also curious if you still see the issue on katello 3.0. We've not seen this issue before and test with selinux turned on all the time.

#7 Updated by Justin Sherrill almost 6 years ago

  • Status changed from Need more information to Closed
  • Legacy Backlogs Release (now unused) set to 166

Closing this, please reopen if you are still seeing this issue. Thanks!
