Bug #14928
closed
Katello-installer fails to install and configure katello/foreman/puppet on centos7.2
Description
Hello,
I'm having issues getting katello installed on a CentOS 7.2 server with selinux enabled. I get the following errors from the execution of:
katello-installer --capsule-bmc="true" --capsule-dhcp="true" --capsule-dhcp-gateway="10.4.15.1" --capsule-dhcp-interface="enp4s0" --capsule-dhcp-range="10.4.15.240 10.4.15.254" --capsule-dns-interface="enp5s0" --foreman-selinux="true"
Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service
/Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: Failed to call refresh: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
/Stage[main]/Foreman::Database/Foreman::Rake[db:seed]/Exec[foreman-rake-db:seed]: /usr/sbin/foreman-rake db:seed returned 1 instead of one of [0]
Installing Done [100%] [..................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/katello-installer.logI see that port 5000, which seems to be the culperit here, is enabled via complex_main_port_t.
[root@il-foreman1 ~]# semanage port -l | grep 5000
commplex_main_port_t tcp 5000
commplex_main_port_t udp 5000
If I setenforce 0 on this server it will install and apache will start up on port 5000.
It really isn't our desire to run this server with selinux disabled or in permissive mode. I've seen reports of this issue with CentOS 6.x and RHEL 6.x but not with 7.
Updated by Eric Helms over 8 years ago
- Status changed from New to Need more information
What version of Katello are you seeing this on?
Updated by Edward Clay over 8 years ago
Eric Helms wrote:
What version of Katello are you seeing this on?
2.4.1-1
katello-2.4.1-1.el7.noarch
Updated by Eric Helms over 8 years ago
- Category set to SElinux
- Translation missing: en.field_release set to 150
Updated by Justin Sherrill over 8 years ago
- Translation missing: en.field_release changed from 150 to 144
Updated by Eric Helms over 8 years ago
- Translation missing: en.field_release deleted (
144)
Updated by Justin Sherrill over 8 years ago
Would you be able to upload a foreman-debug from just after an install?
We define the selinux policy for this port here: https://github.com/Katello/katello-selinux/blob/475c04c66fbe01bbfba1ab4a9056f95d838dc517/katello.te#L87-L92
Also curious if you still see the issue on katello 3.0. We've not seen this issue before and test with selinux turned on all the time.
Updated by Justin Sherrill over 8 years ago
- Status changed from Need more information to Closed
- Translation missing: en.field_release set to 166
Closing this, please reopen if you are still seeing this issue. Thanks!