745149 – configserver requires selinux in disable/permissive mode

Bug 745149 - configserver requires selinux in disable/permissive mode

Summary: configserver requires selinux in disable/permissive mode

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	CloudForms Cloud Engine
Classification:	Retired
Component:	aeolus-configserver
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Assignee:	Greg Blomquist
QA Contact:	dgao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-11 14:06 UTC by dgao
Modified:	2012-05-15 20:50 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-05-15 20:50:15 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2012:0585	0	normal	SHIPPED_LIVE	new packages: aeolus-configserver	2012-05-15 22:31:37 UTC

Description dgao 2011-10-11 14:06:46 UTC

config server will return "Service Temporarily Unavailable" when checking for https://CONFIG_SERVER_ADDR/version if selinux=Enforcing

When selinux=permissive/disable, it returns the version xml. 

Note: This is an rpm install.

Comment 2 Greg Blomquist 2011-11-14 16:45:04 UTC

I have a patch for this bug.  But, it may introduce a timing issue with the aeolus-configserver-setup-httpd script (i.e., the underlying puppet modules may now have a dependency problem).  

I'll have to figure out how to resolve that, but I'm gonna post the patch for this to resolve this bug.

The work-around for the dependency bug in the setup script is to simply start httpd if it's not running after puppet finishes.

So:

#> aeolus-configserver-setup-httpd
blah blah
puppet
puppet complains that /sbin/service httpd graceful returned 1 instead of 0
puppet

#> service httpd start
Starting httpd:                [ OK ]

Comment 3 Greg Blomquist 2011-11-14 17:53:12 UTC

Patch posted and pushed to audrey repo.

New RPM version (not yet built for conductor testing repo)

aeolus-configserver-0.4.0-4
aeolus-configserver-proxy-0.4.0-4

https://fedorahosted.org/pipermail/aeolus-devel/2011-November/006644.html

Comment 4 dgao 2011-11-15 23:18:42 UTC

[root@configserver-qe-nightly httpd]# yum info aeolus-configserver
Installed Packages
Name        : aeolus-configserver
Arch        : noarch
Version     : 0.4.1
Release     : 1.fc15
Size        : 65 k
Repo        : installed
From repo   : aeolus-configserver
Summary     : The Aeolus Config Server
URL         : http://aeolusproject.org
License     : GPLv2+ and MIT and BSD
Description : The Aeolus Config Server, a service for storing and retrieving VM
            : configurations.

w/ selinux set to Enforcing, a 503 is returned when hitting https://{configserver}/version

w/ selinux set to Permissive, the file returns.

Comment 5 dgao 2011-11-17 23:45:43 UTC

Running aeolus-configserver-setup-httpd w/ Enforcing selinux policy would add set the right sebool. This would enable configserver to run w/ selinux turned on. 

hitting https://{configserver}/version would also return the proper xml. 

Verified

Comment 6 wes hayutin 2011-11-28 01:17:32 UTC

removing bugs from ce-sprint from the tracker.. you can find these bugs by querying the "qa whiteboard" for ce-sprint-60

Comment 8 errata-xmlrpc 2012-05-15 20:50:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0585.html

Note You need to log in before you can comment on or make changes to this bug.