Bug 1182760
Summary: | pulp-celery optional puppet SELinux policy doesn't have enough permissions for symlinks | ||
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | Dennis Kliban <dkliban> |
Component: | z_other | Assignee: | Dennis Kliban <dkliban> |
Status: | CLOSED UPSTREAM | QA Contact: | pulp-qe-list |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | Master | CC: | skarmark |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 2.6.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-28 23:19:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dennis Kliban
2015-01-15 20:26:38 UTC
The steps to reproduce this are the following: 1. Download the example puppet module that contains a symlink wget https://repos.fedorapeople.org/repos/pulp/pulp/demo_repos/puppet_symlink/examplecorp-mymodule-0.1.0.tar.gz 2. Create directory to publish to sudo mkdir -p /etc/puppet/myforges/fakeforge sudo chown -R apache:apache /etc/puppet/myforges 3. Create repo pulp-admin puppet repo create --repo-id=fakeforge 4. Upload the example module pulp-admin puppet repo uploads upload --file examplecorp-mymodule-0.1.0.tar.gz --repo-id fakeforge 5. Run the following script: from pulp.common import pic pic.connect() pic.POST('/v2/repositories/fakeforge/distributors/', {'distributor_type_id':'puppet_install_distributor', 'distributor_id':'puppet_tmp_install_distributor', 'auto_publish': False, 'distributor_config': {'install_path':'/etc/puppet/myforges/fakeforge'}}) pic.connect() pic.POST('/pulp/api/v2/repositories/fakeforge/actions/publish/', {'id': "puppet_tmp_install_distributor"}) 6. Run the above script again. The second time you run this script it fails cause it can't remove a symlink due to an SELinux permission problem. I have also updated documentation for configuring pulp_puppet https://github.com/pulp/pulp_puppet/pull/163/ Updated the PR to be against 2.6-dev https://github.com/pulp/pulp/pull/1648 https://github.com/pulp/pulp_puppet/pull/164/ Moved to https://pulp.plan.io/issues/663 |