Bug 1024113

Summary: httpd ajp proxy fails after engine-backup --mode=restore
Product: Red Hat Enterprise Virtualization Manager Reporter: Yedidyah Bar David <didi>
Component: ovirt-engine-setupAssignee: Yedidyah Bar David <didi>
Status: CLOSED NOTABUG QA Contact: Jiri Belka <jbelka>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.3.0CC: acathrow, bazulay, dfediuck, iheim, oschreib, Rhev-m-bugs, sbonazzo, yeylon
Target Milestone: ---   
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-12 14:48:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yedidyah Bar David 2013-10-28 21:22:01 UTC 
Description of problem:

engine-backup --mode=restore does not let httpd access the network in selinux,
as does engine-setup. This means that on a system where engine-setup was never
ran, httpd fails to connect to the engine.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install a new system, install rhevm
2. copy some backup file from another system
3. restore it with engine-backup --mode=restore
4. start the engine, restart apache
5. Connect with a web browser to the web admin

Actual results:

apache fails, with this in the error log:

[Mon Oct 28 23:10:06 2013] [error] (13)Permission denied: proxy: AJP: attempt to connect to 127.0.0.1:8702 (127.0.0.1) failed
[Mon Oct 28 23:10:06 2013] [error] ap_proxy_connect_backend disabling worker for (127.0.0.1)
[Mon Oct 28 23:10:06 2013] [error] proxy: AJP: failed to make connection to backend: 127.0.0.1


Expected results:

apache should succeed

Additional info:

To fix, I ran:

semanage boolean --modify --on httpd_can_network_connect
Comment 1 Yedidyah Bar David 2013-11-12 14:39:34 UTC 
We decided to "solve" this by requiring the user to run 'engine-setup' (which will do an upgrade) after restore.
Comment 2 Yedidyah Bar David 2013-11-12 14:48:47 UTC 
See http://www.ovirt.org/Migrate_to_Hosted_Engine for an example on how to do that.