Bug 1659678
| Summary: | Grafana unable to fetch data after updating graphite-web to 1.x.x | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | gowtham <gshanmug> |
| Component: | web-admin-tendrl-selinux | Assignee: | Timothy Asir <tjeyasin> |
| Status: | CLOSED ERRATA | QA Contact: | Daniel Horák <dahorak> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhgs-3.4 | CC: | dahorak, mbukatov, nthomas, rcyriac, sankarshan, sds-qe-bugs |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | RHGS 3.4.z Batch Update 3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | tendrl-selinux-1.5.4-3.el7rhgs | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-04 07:43:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1658702 | ||
It failed to show the graphical data due to denied access for the link files by the selinux.
The following are the selinux log:
type=AVC msg=audit(1544435268.923:7161): avc: denied { read } for pid=5701 comm="httpd" name="7167366d-26be-4bd5-9662-d6e6fc798480" dev="vda1" ino=923681 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:carbon_var_lib_t:s0 tclass=lnk_file permissive=0
Fix patch sent to upstream: https://github.com/Tendrl/tendrl-selinux/pull/11
This change is necessary because of BZ 1658702. It will be tested via regression testing for update and installation scenarios. Tested on both freshly installed (RHGS WA 3.4.3) and updated (from RHGS WA
3.4.2 to 3.4.3) cluster.
Monitoring data are available on the dashboards as expected.
No AVC denial message related to httpd is in audit.log
# cat /var/log/audit/audit.log | grep AVC | grep httpd
#
Versions of related packages:
carbon-selinux-1.5.4-3.el7rhgs.noarch
graphite-web-1.1.4-1.el7rhgs.noarch
python2-django-1.11.15-1.1.el7rhgs.noarch
python-cachetools-1.0.3-1.1.el7rhgs.noarch
python-carbon-1.1.4-1.el7rhgs.noarch
python-django-tagging-0.4.6-1.el7rhgs.noarch
python-scandir-1.3-1.el7rhgs.x86_64
python-whisper-1.1.4-1.el7rhgs.noarch
tendrl-ansible-1.6.3-11.el7rhgs.noarch
tendrl-api-1.6.3-8.el7rhgs.noarch
tendrl-api-httpd-1.6.3-8.el7rhgs.noarch
tendrl-commons-1.6.3-14.el7rhgs.noarch
tendrl-grafana-plugins-1.6.3-18.el7rhgs.noarch
tendrl-grafana-selinux-1.5.4-3.el7rhgs.noarch
tendrl-monitoring-integration-1.6.3-18.el7rhgs.noarch
tendrl-node-agent-1.6.3-13.el7rhgs.noarch
tendrl-notifier-1.6.3-4.el7rhgs.noarch
tendrl-selinux-1.5.4-3.el7rhgs.noarch
tendrl-ui-1.6.3-14.el7rhgs.noarch
>> VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0265 |
Description of problem: After upgrading graphite-web 0.x.x to graphite 1.x.x no monitoring data populated in grafana dashboard. But if I switch SELinux to permissive mode then I can see all monitoring data in grafana dashboard. Version-Release number of selected component (if applicable): How reproducible: 100% with graphite-web 1.x.x Steps to Reproduce: 1. update packages to: graphite-web-1.1.4-1.el7rhgs.noarch.rpm python-cachetools-1.0.3-1.el7.noarch.rpm python-carbon-1.1.4-1.el7rhgs.noarch.rpm python-django-tagging-0.4.6-1.el7rhgs.noarch.rpm python-scandir-1.3-1.el7rhgs.x86_64.rpm python-whisper-1.1.4-1.el7rhgs.noarch.rpm python2-django-1.11.15-1.el7rhgs.noarch.rpm 2. run tendrl-upgrade script to initialize graphite-db 3. reboot the tendrl-server 4. Open grafana dashbaord, it won't show any monitoring data 5. type: setenforce 0 6. then all monitoring-data will present in grafana Actual results: Grafana dashboard not showing any data when SELinux is in enforcing Expected results: grafana should show data when SELinux is in enforcing Additional info: