Bug 1541481
Summary: | [RFE] krb5 support for remote execution job invocations failing on selinux enabled machines. | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Bryan Kearney <bkearney> |
Component: | Remote Execution | Assignee: | Lukas Zapletal <lzap> |
Status: | CLOSED ERRATA | QA Contact: | Peter Ondrejka <pondrejk> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.3.0 | CC: | ahumbe, aperotti, aruzicka, bbuckingham, bkearney, dlobatog, ealcaniz, ehelms, fgarciad, inecas, jcallaha, lzap, mawerner, mmccune, molasaga, pcreech, pondrejk, riehecky, satellite6-bugs, sauchter, spetrosi, vanhoof, zhunting |
Target Milestone: | 6.7.0 | Keywords: | FieldEngineering, FutureFeature, PrioBumpGSS, PrioBumpPM |
Target Release: | Unused | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Known Issue | |
Doc Text: |
If you have SELinux enabled, using Kerberos (KRB) keys instead of RSA keys can cause remote execution jobs to fail.
|
Story Points: | --- |
Clone Of: | 1386266 | Environment: | |
Last Closed: | 2020-04-14 13:22:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 1
Mike McCune
2018-03-09 17:01:54 UTC
No, the requested MR was to "make the options for it show up in the installer". This BZ is now about "when I use the options, installer fails on SELinux enabled machines". Workaround A: semanage permissive passenger_t Workaround B: echo -n "module passenger-execmem 1.0;\nallow passenger_t self:process execmem;\n" > passenger-execmem.pp semodule -i passenger-execmem.pp A patch will add this into Satellite 6.7 policy (https://bugzilla.redhat.com/show_bug.cgi?id=1541481 / https://projects.theforeman.org/issues/26951). Upstream bug assigned to lzap Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26951 has been resolved. Verified on Satellite 6.7 snap 10, installation with --foreman-proxy-plugin-remote-execution-ssh-ssh-kerberos-auth on machine in enforcing SELinux mode succeeds as expected. Also notified docs (via the feedback button) that the first step in https://access.redhat.com/documentation/en-us/red_hat_satellite/6.6/html/managing_hosts/chap-managing_hosts-running_remote_jobs_on_hosts#setting_up_kerberos_authentication_for_remote_execution is no longer needed. (autogenerated bz https://bugzilla.redhat.com/show_bug.cgi?id=1798056) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454 |