Project

General

Profile

Actions

Bug #7980

closed

NIghtly Katello install is failing

Added by Brad Buckingham about 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1153943
Description of problem:
NIghtly Foreman install is failing

Version-Release number of selected component (if applicable):
  1. rpm -qa | grep foreman
    foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el7.noarch
    foreman-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    foreman-gce-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
    foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
    foreman-compute-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
    foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
    foreman-proxy-1.7.0-0.develop.201410101404git7961640.el7.noarch
    ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch
    ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
    foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
    foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
    rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch

How reproducible:
everytime

Steps to Reproduce:
1 ./setup.rb --skip-installer rhel7
2.katello-installer -d -v --foreman-admin-password=****
3.

Actual results:
katello-installer failed
attached the katello-installer log file

Expected results:
nightly install is successful

Additional info:


Files

foreman-debug-E8Ug8.tar.xz foreman-debug-E8Ug8.tar.xz 295 KB Anonymous, 10/23/2014 09:39 AM
Actions #1

Updated by The Foreman Bot about 10 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 58
  • Pull request https://github.com/Katello/katello.org/pull/63 added
  • Pull request deleted ()
Actions #2

Updated by Eric Helms about 10 years ago

  • Target version changed from 58 to 59
Actions #3

Updated by Eric Helms about 10 years ago

  • Translation missing: en.field_release set to 14
  • Triaged changed from No to Yes
Actions #4

Updated by Anonymous about 10 years ago

It seems that dependencies for crane are missing (it looks like from Brad's comments these are in extras; I ended up pulling EPEL builds from Koji to work around that), but also that there are a couple a selinux denials that break the installer.

foreman-debug attached.

It looks like this is the associated AVC:
type=AVC msg=audit(1414070595.000:1666): avc: denied { name_bind } for pid=5113 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket

and the policy change required:
module customhttpd 1.0;

require {
type commplex_main_port_t;
type httpd_t;
class tcp_socket name_bind;
}

#============= httpd_t ==============
allow httpd_t commplex_main_port_t:tcp_socket name_bind;

I also had to set 'setsebool -P passenger_can_connect_all on' for:
type=AVC msg=audit(1414071753.847:1923): avc: denied { name_connect } for pid=5499 comm="ruby" dest=5671 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket

which results in:
#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t amqp_port_t:tcp_socket name_connect;

After that I can actually connect to httpd.

Actions #5

Updated by Eric Helms almost 10 years ago

  • Target version changed from 59 to 61
Actions #6

Updated by Eric Helms almost 10 years ago

  • Target version changed from 61 to 62
Actions #7

Updated by Eric Helms almost 10 years ago

  • Target version changed from 62 to 63
Actions #8

Updated by Brad Buckingham almost 10 years ago

  • Status changed from Ready For Testing to Closed

Fix merged, closing.

Actions

Also available in: Atom PDF