Bug 1358564
| Summary: | Enforcing SELinux doesn't allow to create a RH repo | | |
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Irina Gulina <igulina> |
| Component: | Tools | Assignee: | RHUI Bug List <rhui-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Irina Gulina <igulina> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.0.0 | CC: | pcreech |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-03-01 22:12:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1296237, 1308349, 1344037, 1349361 | | |
Based on the output of semodule -l, it appears the rh-rhua selinux policy is not getting loaded on RHEL-6 environments.

RHEL-6:              RHEL-7:
remotelogin 1.7.0   │remotelogin 1.8.0
rhcs 1.1.0          │rh-rhua 0.1.12.1
rhev 1.0            │rhcs 1.2.1

This is due to a requires issue for 'type_unreserved_port_t', which didn't get created for selinux till after RHEL-6 was released.

on RHEL6 iso 20160727

The following products will be deployed:
Beta RHEL RHUI Everything 7 Debug
Proceed? (y/n) y

>> semodule -l | grep rh
rh-rhua 0.1.13.1
rhcs 1.1.0
rhev 1.0
rhgb 1.9.0
rhnsd 1.0.0
rhsmcertd 1.0.0
userhelper 1.5.0

>> getenforce
Enforcing

>> adding RH repo:
Importing Beta RHEL RHUI Everything 7 Debug...
Importing product repository Beta RHEL RHUI Everything 7 Debug (x86_64)...
Failed to create the beta-rhel-rhui-everything-7-debug-x86_64 repository for the following reason:
HTTP 500 [Errno 13] Permission denied: '/var/lib/pulp/importers'.

>> less /var/log/httpd/pulp-https_access_ssl.log
10.86.173.111 - - [28/Jul/2016:07:27:14 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:28:00 -0400] "GET /pulp/api/v2/repo_groups/redhat/ HTTP/1.1" 404 385 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:28:17 -0400] "GET /pulp/api/v2/repositories/ HTTP/1.1" 200 752 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:28:17 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:45:51 -0400] "PUT /pulp/api/v2/users/admin/ HTTP/1.1" 200 160 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:46:02 -0400] "POST /pulp/api/v2/actions/login/ HTTP/1.1" 200 1926 "-" "-"

No error is displayed in ./.rhui/rhui.log
---------------------------------------------------
with Permissive SELinux, everything is ok:

The following products will be deployed:
Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS)
Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS)
Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI
Red Hat Storage 2 VSA Beta (RPMs) from RHUI
Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI
Red Hat Storage 2.0 (RPMs) for RHUI
Proceed? (y/n) y
Importing Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS)...
Importing product repository Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS) (x86_64)...
Importing Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS)...
Importing product repository Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS) (x86_64)...
Importing Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI...
Importing product repository Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI (x86_64)...
Importing Red Hat Storage 2 VSA Beta (RPMs) from RHUI...
Importing product repository Red Hat Storage 2 VSA Beta (RPMs) from RHUI (x86_64)...
Importing Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI...
Importing product repository Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI (x86_64)...
Importing Red Hat Storage 2.0 (RPMs) for RHUI...
Importing product repository Red Hat Storage 2.0 (RPMs) for RHUI (x86_64)...
Content will not be downloaded to the newly imported repositories
until the next sync is run.
------------------------------------------------------------------------------
rhui (repo) => l
Custom Repositories
protected_repo1
unprotected_repo1
Red Hat Repositories
Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI (x86_64)
Red Hat Storage 2 VSA Beta (RPMs) from RHUI (x86_64)
Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI (x86_64)
Red Hat Storage 2.0 (RPMs) for RHUI (x86_64)
Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS) (x86_64)
Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS) (x86_64)

RH repo creation works fine on RHEL6 and RHEL7 ISOs 20160823, checked for NFS and Gluster

On RHEL6.8, Gluster:
Enter value (1-196) to toggle selection, 'c' to confirm selections, or '?' for more commands: 123-124
Select the product repositories to be deployed to the RHUI (only undeployed
products are displayed):
....
The following product repositories will be deployed:
RHUI RHEL 6 (resilientstorage debug)
RHUI RHEL 6 (resilientstorage debug) (6Server-i386) (Yum)
RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64) (Yum)
Proceed? (y/n) y
Importing product repository RHUI RHEL 6 (resilientstorage debug) (6Server-i386)...
Importing product repository RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64)...
Content will not be downloaded to the newly imported repositories
until the next sync is run.
------------------------------------------------------------------------------
rhui (repo) => l
Custom Repositories
protected_repo1
unprotected_repo1
Red Hat Repositories
RHUI RHEL 6 (resilientstorage debug) (6Server-i386)
RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64)

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2017:0367

Description of problem:
Enforcing SELinux doesn't allow creating a RH repo, returning the permissions error.

Version-Release number of selected component (if applicable):
RHEL6 iso 20160791. It's not an issue on RHEL7

How reproducible:
always

Steps to Reproduce:
1. upload a cert
2. attempt to create a Red Hat repo
3. get the error

Actual results:
When SELinux is Permissive, everything is OK:

>> rhui (repo) => a
Determining undeployed products...
... product list calculated
Import Repositories:
1 - All in Certificate
2 - By Product
3 - By Repository
Enter value (1-3) or 'b' to abort: 3
.....
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI
x 415: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum)
Enter value (1-415) to toggle selection, 'c' to confirm selections, or '?' for more commands: c
The following product repositories will be deployed:
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum)
Proceed? (y/n) y
Importing product repository Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64)...
Content will not be downloaded to the newly imported repositories
until the next sync is run.
------------------------------------------------------------------------------
rhui (repo) => l
Custom Repositories
protected_repo
selinux_repo
unprotected_repo
Red Hat Repositories
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64)

When SELinux is Enforcing:

.....
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI
x 415: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum)
Enter value (1-415) to toggle selection, 'c' to confirm selections, or '?' for more commands: c
The following product repositories will be deployed:
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI
Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum)
Proceed? (y/n) y
Importing product repository Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64)...
Failed to create the rhel-rs-for-rhel-7-server-rhui-debug-rpms-7Server-x86_64 repository for the following reason:
HTTP 500 [Errno 13] Permission denied: '/var/lib/pulp/importers/rhel-rs-for-rhel-7-server-rhui-debug-rpms-7Server-x86_64-yum_importer/pki/ca.crt'.

2016-07-20 13:05:43,467 - Unexpected error caught at the shell level
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 88, in safe_listen
    self.listen(clear=first_run)
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 122, in listen
    Shell.listen(self)
  File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen
    item.func(*args, **item.kwargs)
  File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 650, in upload
    self.pulp.upload(repo_ids, rpm)
  File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 850, in upload
    upload_id = self.upload_api.initialize_upload().response_body['upload_id']
  File "/usr/lib/python2.6/site-packages/pulp/bindings/upload.py", line 14, in initialize_upload
    return self.server.POST(url)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 100, in POST
    log_request_body=log_request_body, ignore_prefix=ignore_prefix)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 166, in _request
    self._handle_exceptions(response_code, response_body)
  File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 204, in _handle_exceptions
    raise exceptions.PulpServerException(response_body)
PulpServerException: RequestException: POST request on /pulp/api/v2/content/uploads/ failed with 500 - [Errno 13] Permission denied: '/var/lib/pulp/uploads/4c723950-a574-4ecd-a58e-62ad621a40f7'
2016-07-20 20:39:43,993 - Connecting to RHUA [rhua.eu-west-1.compute.internal]...
2016-07-20 20:39:43,997 - Successfully connected to [rhua.eu-west-1.compute.internal]

Expected results:
A RH repo can be created with Enforcing SELinux.
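
The triage steps used in this report (SELinux mode, `semodule -l` listing, HTTP 500s in the Pulp access log) can be combined into one check. This is an added example, not part of the original report or of RHUI; the function names are hypothetical and the sample inputs are taken from the output quoted above.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical, not RHUI tooling.
# Sample inputs below are taken from the output quoted in this report.
SEMODULE_RHEL6='remotelogin 1.7.0
rhcs 1.1.0
rhev 1.0'
SEMODULE_RHEL7='remotelogin 1.8.0
rh-rhua 0.1.12.1
rhcs 1.2.1'
ACCESS_LOG='10.86.173.111 - - [28/Jul/2016:07:27:14 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:28:00 -0400] "GET /pulp/api/v2/repo_groups/redhat/ HTTP/1.1" 404 385 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:28:17 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-"
10.86.173.111 - - [28/Jul/2016:07:46:02 -0400] "POST /pulp/api/v2/actions/login/ HTTP/1.1" 200 1926 "-" "-"'

# module_version NAME LISTING: print NAME's version from `semodule -l` output.
module_version() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { print $2 }'
}

# post_500_count PREFIX LOG: count POSTs under PREFIX answered with HTTP 500.
post_500_count() {
    printf '%s\n' "$2" | awk -v p="$1" \
        '$6 == "\"POST" && index($7, p) == 1 && $9 == 500 { n++ } END { print n + 0 }'
}

# triage MODE LISTING LOG: classify the failure from the three observations.
triage() {
    fails=$(post_500_count /pulp/api/v2/ "$3")
    if [ "$fails" -eq 0 ]; then
        echo "no-failed-posts"
    elif [ "$1" != "Enforcing" ]; then
        echo "failures-not-from-selinux-enforcement"
    elif [ -z "$(module_version rh-rhua "$2")" ]; then
        echo "rh-rhua-module-not-loaded"
    else
        echo "module-loaded-inspect-avc-denials"
    fi
}

# On a live RHUA the same inputs come from:
#   triage "$(getenforce)" "$(semodule -l)" "$(cat /var/log/httpd/pulp-https_access_ssl.log)"
echo "RHEL-6 listing: $(triage Enforcing "$SEMODULE_RHEL6" "$ACCESS_LOG")"
echo "RHEL-7 listing: $(triage Enforcing "$SEMODULE_RHEL7" "$ACCESS_LOG")"
```

When the module is listed but requests still fail under Enforcing, the audit log (for example `ausearch -m avc`) shows which access was denied.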