config server will return "Service Temporarily Unavailable" when checking for https://CONFIG_SERVER_ADDR/version if selinux=Enforcing When selinux=permissive/disable, it returns the version xml. Note: This is an rpm install.
I have a patch for this bug. But, it may introduce a timing issue with the aeolus-configserver-setup-httpd script (i.e., the underlying puppet modules may now have a dependency problem). I'll have to figure out how to resolve that, but I'm gonna post the patch for this to resolve this bug. The work-around for the dependency bug in the setup script is to simply start httpd if it's not running after puppet finishes. So: #> aeolus-configserver-setup-httpd blah blah puppet puppet complains that /sbin/service httpd graceful returned 1 instead of 0 puppet #> service httpd start Starting httpd: [ OK ]
Patch posted and pushed to audrey repo. New RPM version (not yet built for conductor testing repo) aeolus-configserver-0.4.0-4 aeolus-configserver-proxy-0.4.0-4 https://fedorahosted.org/pipermail/aeolus-devel/2011-November/006644.html
[root@configserver-qe-nightly httpd]# yum info aeolus-configserver Installed Packages Name : aeolus-configserver Arch : noarch Version : 0.4.1 Release : 1.fc15 Size : 65 k Repo : installed From repo : aeolus-configserver Summary : The Aeolus Config Server URL : http://aeolusproject.org License : GPLv2+ and MIT and BSD Description : The Aeolus Config Server, a service for storing and retrieving VM : configurations. w/ selinux set to Enforcing, a 503 is returned when hitting https://{configserver}/version w/ selinux set to Permissive, the file returns.
Running aeolus-configserver-setup-httpd w/ Enforcing selinux policy would add set the right sebool. This would enable configserver to run w/ selinux turned on. hitting https://{configserver}/version would also return the proper xml. Verified
removing bugs from ce-sprint from the tracker.. you can find these bugs by querying the "qa whiteboard" for ce-sprint-60
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0585.html