Bug 1217828

Summary: qpid-dispatch-0.4-4 runs under non-root account and has no access to PKI files
Product: Red Hat Satellite Reporter: Mike McCune <mmccune>
Component: katello-agentAssignee: Eric Helms <ehelms>
Status: CLOSED CURRENTRELEASE QA Contact: sthirugn <sthirugn>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: jyejare, sthirugn
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/10350
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-12 14:00:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1129393, 1208678    

Description Mike McCune 2015-05-01 19:43:29 UTC 
Previous versions of qpid-dispatch ran as root and could read the files in:

/etc/pki/katello/certs/*

the latest version now runs with the user qpidd and can no longer read the files necessary.

We either need to change the user qpid-dispatch runs under or adjust permissions to allow reading of these files by that user.
Comment 1 Mike McCune 2015-05-01 19:44:14 UTC 
The net result of qpid-dispatch fails to run and is totally non-functional.
Comment 3 Mike McCune 2015-05-01 20:40:15 UTC 
WORKAROUND:

# chgrp qdrouterd /etc/pki/katello/qpid_router*
# systemctl qdrouterd restart
Comment 4 Mike McCune 2015-05-01 20:46:51 UTC 
WORKAROUND CORRECTED:

# chgrp qdrouterd /etc/pki/katello/qpid_router*
# systemctl restart qdrouterd
Comment 5 Mike McCune 2015-05-01 20:55:47 UTC 
Created redmine issue http://projects.theforeman.org/issues/10350 from this bug
Comment 6 sthirugn@redhat.com 2015-05-01 20:56:49 UTC 
(In reply to Mike McCune from comment #4)
> WORKAROUND CORRECTED:
> 
> # chgrp qdrouterd /etc/pki/katello/qpid_router*
> # systemctl restart qdrouterd

Tested with workaround and it worked fine.
Comment 7 Bryan Kearney 2015-05-04 18:06:34 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/10350 has been closed
-------------
Eric Helms
Applied in changeset commit:katello-installer|9cd16f03f79fa1f26bc155d6dd94ad321f73a191.
Comment 9 Jitendra Yejare 2015-05-06 13:56:22 UTC 
*** Bug 1218988 has been marked as a duplicate of this bug. ***
Comment 10 sthirugn@redhat.com 2015-05-11 17:14:22 UTC 
Verified.

Sat 6.1 GA Snap 3 Compose 2.

Verification steps:
1. Register a content host to Satellite. Monitor /var/log/messages for any qpid errors (or any related errors) - PASS
2. Install an errata on the content host via satellite web UI - PASS
Comment 11 Bryan Kearney 2015-08-11 13:26:01 UTC 
This bug is slated to be released with Satellite 6.1.
Comment 12 Bryan Kearney 2015-08-12 14:00:37 UTC 
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.