Bug 1014909

Summary: Monitoring : Error closing /etc/NOCpulse.ini: Permission denied
Product: [Community] Spacewalk Reporter: William Brown <william>
Component: ServerAssignee: Michael Mráka <mmraka>
Status: CLOSED DUPLICATE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0CC: william
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-07 07:08:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1484117    
Attachments:
Description Flags
SELinux denials when restarting spacewalk none

Description William Brown 2013-10-03 05:47:13 UTC 
Description of problem:
Enabling monitoring scout throws errors when you attempt a restart of spacewalk.

This is on a freshly installed system of centos and spacewalk. Following https://fedorahosted.org/spacewalk/wiki/HowToInstall on a fully updated CentOS 6 installation. Using embedded postgresql.

After creating the admin, finish system configuration by enabling monitoring, and enabling monitoring scout. Then restart the spacewalk service as directed. Steps to enable monitoring that I followed are here: 

https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.4/html/Reference_Guide/chap-Reference_Guide-Monitoring.html

[root@spacewalk ~]# /usr/sbin/spacewalk-service restart
Shutting down spacewalk services...
Stopping RHN Taskomatic...
Stopped RHN Taskomatic.
Stopping cobbler daemon:                                   [  OK  ]
Stopping rhn-search...
Stopped rhn-search.
Stopping MonitoringScout ...  
[ OK ]
Stopping Monitoring ...  
[ OK ]
Shutting down osa-dispatcher:                              [  OK  ]
Stopping httpd:                                            [  OK  ]
Stopping tomcat6:                                          [  OK  ]
Terminating jabberd processes ...
Stopping s2s:                                              [  OK  ]
Stopping c2s:                                              [  OK  ]
Stopping sm:                                               [  OK  ]
Stopping router:                                           [  OK  ]
Stopping postgresql service:                               [  OK  ]
Done.
Starting spacewalk services...
Starting postgresql service:                               [  OK  ]
Initializing jabberd processes ...
Starting router:                                           [  OK  ]
Starting sm:                                               [  OK  ]
Starting c2s:                                              [  OK  ]
Starting s2s:                                              [  OK  ]
Starting tomcat6:                                          [  OK  ]
Waiting for tomcat to be ready ...
Starting httpd:                                            [  OK  ]
Starting osa-dispatcher:                                   [  OK  ]
Starting Monitoring ...  
Issuing rollback() due to DESTROY without explicit disconnect() of DBD::Pg::db handle dbname=rhnschema at /etc/rc.d/np.d/SysVStep.pm line 287.
2013-10-03 15:01:23 InstallSoftwareConfig: 	!! Error closing /etc/NOCpulse.ini: Permission denied at /usr/share/perl5/vendor_perl/NOCpulse/NOCpulseini.pm line 75.

	Starting InstallSoftwareConfig ...  [ FAIL ]
2013-10-03 15:01:23 InstallSoftwareConfig: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:23 InstallSoftwareConfig: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:23 InstallSoftwareConfig: 	!! Error closing /etc/NOCpulse.ini: Permission denied at /usr/share/perl5/vendor_perl/NOCpulse/NOCpulseini.pm line 75.

2013-10-03 15:01:23 Monitoring: 	!! Monitoring configuration load failed
2013-10-03 15:01:23 Monitoring: 	!! Monitoring configuration not loaded - not starting MOC functions!
[ FAIL ]
2013-10-03 15:01:23 Monitoring: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:23 Monitoring: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:23 Monitoring: 	!! Monitoring configuration load failed
2013-10-03 15:01:23 Monitoring: 	!! Monitoring configuration not loaded - not starting MOC functions!
Starting MonitoringScout ...  
Issuing rollback() due to DESTROY without explicit disconnect() of DBD::Pg::db handle dbname=rhnschema at /etc/rc.d/np.d/SysVStep.pm line 287.
2013-10-03 15:01:24 InstallSoftwareConfig: 	!! Error closing /etc/NOCpulse.ini: Permission denied at /usr/share/perl5/vendor_perl/NOCpulse/NOCpulseini.pm line 75.

	Starting InstallSoftwareConfig ...  [ FAIL ]
2013-10-03 15:01:24 InstallSoftwareConfig: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:24 InstallSoftwareConfig: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:24 InstallSoftwareConfig: 	!! Error closing /etc/NOCpulse.ini: Permission denied at /usr/share/perl5/vendor_perl/NOCpulse/NOCpulseini.pm line 75.

2013-10-03 15:01:24 MonitoringScout: NOTE: Attempting to start scout without configuration refresh
	Starting NPBootstrap ...  [ OK ]
	Starting SputLite ...  2013-10-03 15:01:25 SputLite: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:25 SputLite: 	!! STDOUT: 
2013-10-03 15:01:25 SputLite: 	!! STDERR: 
2013-10-03 15:01:25 SputLite: 	!! EXIT: 3328
[ FAIL ]
2013-10-03 15:01:25 SputLite: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:25 SputLite: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:25 SputLite: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:25 SputLite: 	!! STDOUT: 
2013-10-03 15:01:25 SputLite: 	!! STDERR: 
2013-10-03 15:01:25 SputLite: 	!! EXIT: 3328
	Starting Dequeuer ...  2013-10-03 15:01:27 Dequeuer: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:27 Dequeuer: 	!! STDOUT: 
2013-10-03 15:01:27 Dequeuer: 	!! STDERR: 
2013-10-03 15:01:27 Dequeuer: 	!! EXIT: 3328
[ FAIL ]
2013-10-03 15:01:27 Dequeuer: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:27 Dequeuer: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:27 Dequeuer: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:27 Dequeuer: 	!! STDOUT: 
2013-10-03 15:01:27 Dequeuer: 	!! STDERR: 
2013-10-03 15:01:27 Dequeuer: 	!! EXIT: 3328
	Starting Dispatcher ...  2013-10-03 15:01:28 Dispatcher: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:28 Dispatcher: 	!! STDOUT: 
2013-10-03 15:01:28 Dispatcher: 	!! STDERR: 
2013-10-03 15:01:28 Dispatcher: 	!! EXIT: 3328
[ FAIL ]
2013-10-03 15:01:28 Dispatcher: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:28 Dispatcher: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:28 Dispatcher: 	!! ERROR FROM SHELL COMMAND: 
2013-10-03 15:01:28 Dispatcher: 	!! STDOUT: 
2013-10-03 15:01:28 Dispatcher: 	!! STDERR: 
2013-10-03 15:01:28 Dispatcher: 	!! EXIT: 3328
2013-10-03 15:01:28 MonitoringScout: 	!! Monitoring configuration load failed
[ FAIL ]
2013-10-03 15:01:28 MonitoringScout: WARNING: STARTED BUT *NOT* RUNNING
2013-10-03 15:01:28 MonitoringScout: ERRORS ENCOUNTERED DURING LAST ACTION:
2013-10-03 15:01:28 MonitoringScout: 	!! Monitoring configuration load failed
Starting rhn-search...
Starting cobbler daemon:                                   [  OK  ]
Starting RHN Taskomatic...
Done.
[root@spacewalk ~]# ls -al /etc/NOCpulse.ini
-rw-r--r--. 1 root root 8153 Oct  3 15:00 /etc/NOCpulse.ini
[root@spacewalk ~]# ls -alZ /etc/NOCpulse.ini
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0   /etc/NOCpulse.ini


How reproducible:

Always
Comment 1 Michael Mráka 2013-10-04 12:09:59 UTC 
Hello William,

do you have enabled SElinux on spacewalk server by chance?
Are there any AVC denials logged in /var/log/audit/aidit.log?

Monitoring feature in spacewalk is known not to work properly with SElinux set to Enforcing.

Regards,
Michael
Comment 2 William Brown 2013-10-04 23:42:16 UTC 
Created attachment 807990 [details]
SELinux denials when restarting spacewalk

Running setenforce 0, corrects this. Taking the denials above, and putting them through audit2allow also results in a working system. However, many of the contexts used in that are probably not creating great SELinux rules. 

I certainly think that proper SELinux rules should be created for the spacewalk monitoring system.
Comment 3 Michael Mráka 2013-10-07 07:08:35 UTC 
Hello William,

thank you for confirmation. We are already tracking Monitoring + SElinux issue in a different bug so I'm going to close this report and link it to the older one.

Regards,
Michael

*** This bug has been marked as a duplicate of bug 808082 ***
Comment 4 Eric Herget 2017-09-28 18:08:30 UTC 
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.