Bug #7980
closed
NIghtly Katello install is failing
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1153943
Description of problem:
NIghtly Foreman install is failing
- rpm -qa | grep foreman
foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el7.noarch
foreman-1.7.0-0.develop.201410150839gitb948163.el7.noarch
foreman-gce-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-compute-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
foreman-proxy-1.7.0-0.develop.201410101404git7961640.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
How reproducible:
everytime
Steps to Reproduce:
1 ./setup.rb --skip-installer rhel7
2.katello-installer -d -v --foreman-admin-password=****
3.
Actual results:
katello-installer failed
attached the katello-installer log file
Expected results:
nightly install is successful
Additional info:
Files
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Target version set to 58
- Pull request https://github.com/Katello/katello.org/pull/63 added
- Pull request deleted (
)
Updated by Eric Helms over 9 years ago
- translation missing: en.field_release set to 14
- Triaged changed from No to Yes
Updated by Anonymous over 9 years ago
It seems that dependencies for crane are missing (it looks like from Brad's comments these are in extras; I ended up pulling EPEL builds from Koji to work around that), but also that there are a couple a selinux denials that break the installer.
foreman-debug attached.
It looks like this is the associated AVC:
type=AVC msg=audit(1414070595.000:1666): avc: denied { name_bind } for pid=5113 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket
and the policy change required:
module customhttpd 1.0;
require {
type commplex_main_port_t;
type httpd_t;
class tcp_socket name_bind;
}
#============= httpd_t ==============
allow httpd_t commplex_main_port_t:tcp_socket name_bind;
I also had to set 'setsebool -P passenger_can_connect_all on' for:
type=AVC msg=audit(1414071753.847:1923): avc: denied { name_connect } for pid=5499 comm="ruby" dest=5671 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket
which results in:
#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t amqp_port_t:tcp_socket name_connect;
After that I can actually connect to httpd.
Updated by Brad Buckingham over 9 years ago
- Status changed from Ready For Testing to Closed
Fix merged, closing.