Bug 1191299
| Summary: | Satellite installation selinux misconfiguration | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Chris Roberts <chrobert> |
| Component: | SELinux | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED DUPLICATE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | Nightly | CC: | ssekidde |
| Target Milestone: | Unspecified | ||
| Target Release: | Unused | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-02-16 09:28:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. Hello, Satellite SELinux policy not yet support http(s) proxy via boolean. The workaround is to assign the port to the Satellite port type (3128, 3401, 4827, 8181 - depending on the port the customer use): semanage port -a -t foreman_proxy_port_t -p tcp 8181 We will be shipping Release Notes for Satellite 6.1 with this information. *** This bug has been marked as a duplicate of bug 1177377 *** |
Description of problem: After Satellite 6.0 installation, using katello-install script, pulp could not connect with cdn.redhat.com and there was no way to synchronize repositories. To correct this issue you need to set seboolean passenger_can_connect_all to on: # setsebool -P passenger_can_connect_all on Version-Release number of selected component (if applicable): Installed Packages candlepin-0.9.23.1-1.el7.noarch candlepin-common-1.0.1-1.el7.noarch candlepin-guice-3.0-2_redhat_1.el7.noarch candlepin-scl-1-5.el7.noarch candlepin-scl-quartz-2.1.5-6.el7.noarch candlepin-scl-rhino-1.7R3-3.el7.noarch candlepin-scl-runtime-1-5.el7.noarch candlepin-selinux-0.9.23.1-1.el7.noarch candlepin-tomcat-0.9.23.1-1.el7.noarch elasticsearch-0.90.10-6.el7sat.noarch katello-1.5.0-30.el7sat.noarch katello-certs-tools-1.5.6-1.el7sat.noarch katello-default-ca-1.0-1.noarch katello-installer-0.0.67-1.el7sat.noarch katello-server-ca-1.0-1.noarch pulp-admin-client-2.4.4-1.el7sat.noarch pulp-katello-0.3-4.el7sat.noarch pulp-nodes-common-2.4.4-1.el7sat.noarch pulp-nodes-parent-2.4.4-1.el7sat.noarch pulp-puppet-plugins-2.4.4-1.el7sat.noarch pulp-puppet-tools-2.4.4-1.el7sat.noarch pulp-rpm-admin-extensions-2.4.4-1.1.el7sat.noarch pulp-rpm-plugins-2.4.4-1.1.el7sat.noarch pulp-selinux-2.4.4-1.el7sat.noarch pulp-server-2.4.4-1.el7sat.noarch python-gofer-qpid-1.3.0-1.el7sat.noarch python-isodate-0.5.0-1.pulp.el7sat.noarch python-kombu-3.0.15-12.pulp.el7sat.noarch python-pulp-bindings-2.4.4-1.el7sat.noarch python-pulp-client-lib-2.4.4-1.el7sat.noarch python-pulp-common-2.4.4-1.el7sat.noarch python-pulp-puppet-common-2.4.4-1.el7sat.noarch python-pulp-rpm-common-2.4.4-1.1.el7sat.noarch python-qpid-0.22-15.el7.noarch python-qpid-qmf-0.22-37.el7.x86_64 qpid-cpp-client-0.22-42.el7.x86_64 qpid-cpp-server-0.22-42.el7.x86_64 qpid-cpp-server-linearstore-0.22-42.el7.x86_64 qpid-java-client-0.22-7.el7.noarch qpid-java-common-0.22-7.el7.noarch qpid-proton-c-0.7-2.el7.x86_64 qpid-qmf-0.22-37.el7.x86_64 qpid-tools-0.22-13.el7.noarch ruby193-rubygem-katello-1.5.0-93.el7sat.noarch rubygem-hammer_cli_katello-0.0.4-14.el7sat.noarch rubygem-smart_proxy_pulp-1.0.1-1.1.el7sat.noarch satellite1.released-el7.satellite.lab.eng.rdu2.redhat.com-qpid-broker-1.0-1.noarch satellite1.released-el7.satellite.lab.eng.rdu2.redhat.com-qpid-client-cert-1.0-1.noarch How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: pulp could not connect with cdn.redhat.com and there was no way to synchronize repositories. Expected results: Be able to sync repos and katello set this when doing the installer script Additional info: To correct this issue you need to set seboolean passenger_can_connect_all to on: # setsebool -P passenger_can_connect_all on