Bug #7980
closedNIghtly Katello install is failing
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1153943
Description of problem:
NIghtly Foreman install is failing
- rpm -qa | grep foreman
foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el7.noarch
foreman-1.7.0-0.develop.201410150839gitb948163.el7.noarch
foreman-gce-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-compute-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
foreman-proxy-1.7.0-0.develop.201410101404git7961640.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
How reproducible:
everytime
Steps to Reproduce:
1 ./setup.rb --skip-installer rhel7
2.katello-installer -d -v --foreman-admin-password=****
3.
Actual results:
katello-installer failed
attached the katello-installer log file
Expected results:
nightly install is successful
Additional info:
Files
Updated by The Foreman Bot about 10 years ago
- Status changed from New to Ready For Testing
- Target version set to 58
- Pull request https://github.com/Katello/katello.org/pull/63 added
- Pull request deleted (
)
Updated by Eric Helms about 10 years ago
- Translation missing: en.field_release set to 14
- Triaged changed from No to Yes
Updated by Anonymous about 10 years ago
It seems that dependencies for crane are missing (it looks like from Brad's comments these are in extras; I ended up pulling EPEL builds from Koji to work around that), but also that there are a couple a selinux denials that break the installer.
foreman-debug attached.
It looks like this is the associated AVC:
type=AVC msg=audit(1414070595.000:1666): avc: denied { name_bind } for pid=5113 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket
and the policy change required:
module customhttpd 1.0;
require {
type commplex_main_port_t;
type httpd_t;
class tcp_socket name_bind;
}
#============= httpd_t ==============
allow httpd_t commplex_main_port_t:tcp_socket name_bind;
I also had to set 'setsebool -P passenger_can_connect_all on' for:
type=AVC msg=audit(1414071753.847:1923): avc: denied { name_connect } for pid=5499 comm="ruby" dest=5671 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket
which results in:
#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t amqp_port_t:tcp_socket name_connect;
After that I can actually connect to httpd.
Updated by Brad Buckingham almost 10 years ago
- Status changed from Ready For Testing to Closed
Fix merged, closing.