Bug #7980
closed
Nightly Katello install is failing
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1153943
Description of problem:
Nightly Foreman install is failing
- rpm -qa | grep foreman
foreman-vmware-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201410151235gitbc8c449.el7.noarch
foreman-1.7.0-0.develop.201410150839gitb948163.el7.noarch
foreman-gce-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.0-1.el7.noarch
foreman-postgresql-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-compute-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
foreman-libvirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-0.1.rc4.el7.noarch
foreman-proxy-1.7.0-0.develop.201410101404git7961640.el7.noarch
ibm-x3650m4-02-vm-02.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
foreman-selinux-1.7.0-0.develop.201409301113git2f345de.el7.noarch
foreman-ovirt-1.7.0-0.develop.201410150839gitb948163.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
How reproducible:
every time
Steps to Reproduce:
1. ./setup.rb --skip-installer rhel7
2. katello-installer -d -v --foreman-admin-password=****
Actual results:
katello-installer failed
attached the katello-installer log file
Expected results:
nightly install is successful
Additional info:
Updated by Anonymous over 10 years ago
It seems that dependencies for crane are missing (it looks like from Brad's comments these are in extras; I ended up pulling EPEL builds from Koji to work around that), but also that there are a couple of SELinux denials that break the installer.
foreman-debug attached.
It looks like this is the associated AVC:
type=AVC msg=audit(1414070595.000:1666): avc: denied { name_bind } for pid=5113 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket
and the policy change required:
module customhttpd 1.0;
require {
    type commplex_main_port_t;
    type httpd_t;
    class tcp_socket name_bind;
}
#============= httpd_t ==============
allow httpd_t commplex_main_port_t:tcp_socket name_bind;
I also had to set 'setsebool -P passenger_can_connect_all on' for:
type=AVC msg=audit(1414071753.847:1923): avc: denied { name_connect } for pid=5499 comm="ruby" dest=5671 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket
which results in:
#!!!! This avc can be allowed using the boolean 'passenger_can_connect_all'
allow passenger_t amqp_port_t:tcp_socket name_connect;
After that I can actually connect to httpd.
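The mapping from the two AVC records in the comment above to the allow rules it quotes can be reproduced mechanically. The following is an added example, not part of the original comment and not Katello or audit2allow code: a small parser that extracts the source type, target type, class and permission from each denial and emits the matching rule, along with the process and port each rule was derived from. The function names `parse_avc` and `allow_rules` are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the comment above, copied verbatim.
AVC_RECORDS = [
    'type=AVC msg=audit(1414070595.000:1666): avc: denied { name_bind } for pid=5113 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1414071753.847:1923): avc: denied { name_connect } for pid=5499 comm="ruby" dest=5671 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= f.keys():
        return None  # truncated record: not enough to form a rule
    return {
        'perms': m.group('perms').split(),
        'comm': f.get('comm'),
        'port': f.get('src') or f.get('dest'),  # bind logs src=, connect logs dest=
        # A context is user:role:type:level; the rule needs only the type.
        'source': f['scontext'].split(':')[2],
        'target': f['tcontext'].split(':')[2],
        'tclass': f['tclass'],
    }


def allow_rules(lines):
    """Merge denials sharing (source, target, class) into one allow rule each."""
    merged = defaultdict(set)
    for d in filter(None, map(parse_avc, lines)):
        merged[(d['source'], d['target'], d['tclass'])].update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, perm))
    return rules


if __name__ == '__main__':
    for d in filter(None, map(parse_avc, AVC_RECORDS)):
        print('# %(comm)s, port %(port)s' % d)
    print('\n'.join(allow_rules(AVC_RECORDS)))
```

Each emitted rule names a port type rather than a port number, so the printed process and port are what tie a rule back to the single denial that motivated it.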
Updated by Brad Buckingham over 10 years ago
- Status changed from Ready For Testing to Closed
Fix merged, closing.