Bug 1659678
Summary: | Grafana unable to fetch data after updating graphite-web to 1.x.x | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | gowtham <gshanmug> |
Component: | web-admin-tendrl-selinux | Assignee: | Timothy Asir <tjeyasin> |
Status: | CLOSED ERRATA | QA Contact: | Daniel Horák <dahorak> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | rhgs-3.4 | CC: | dahorak, mbukatov, nthomas, rcyriac, sankarshan, sds-qe-bugs |
Target Milestone: | --- | Keywords: | ZStream |
Target Release: | RHGS 3.4.z Batch Update 3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | tendrl-selinux-1.5.4-3.el7rhgs | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-02-04 07:43:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1658702 |
Description
gowtham
2018-12-15 03:29:40 UTC
It failed to show the graphical data due to denied access for the link files by the selinux. The following are the selinux log: type=AVC msg=audit(1544435268.923:7161): avc: denied { read } for pid=5701 comm="httpd" name="7167366d-26be-4bd5-9662-d6e6fc798480" dev="vda1" ino=923681 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:carbon_var_lib_t:s0 tclass=lnk_file permissive=0 Fix patch sent to upstream: https://github.com/Tendrl/tendrl-selinux/pull/11 This change is necessary because of BZ 1658702. It will be tested via regression testing for update and installation scenarios. Tested on both freshly installed (RHGS WA 3.4.3) and updated (from RHGS WA
3.4.2 to 3.4.3) cluster.
Monitoring data are available on the dashboards as expected.
No AVC denial message related to httpd is in audit.log
# cat /var/log/audit/audit.log | grep AVC | grep httpd
#
Versions of related packages:
carbon-selinux-1.5.4-3.el7rhgs.noarch
graphite-web-1.1.4-1.el7rhgs.noarch
python2-django-1.11.15-1.1.el7rhgs.noarch
python-cachetools-1.0.3-1.1.el7rhgs.noarch
python-carbon-1.1.4-1.el7rhgs.noarch
python-django-tagging-0.4.6-1.el7rhgs.noarch
python-scandir-1.3-1.el7rhgs.x86_64
python-whisper-1.1.4-1.el7rhgs.noarch
tendrl-ansible-1.6.3-11.el7rhgs.noarch
tendrl-api-1.6.3-8.el7rhgs.noarch
tendrl-api-httpd-1.6.3-8.el7rhgs.noarch
tendrl-commons-1.6.3-14.el7rhgs.noarch
tendrl-grafana-plugins-1.6.3-18.el7rhgs.noarch
tendrl-grafana-selinux-1.5.4-3.el7rhgs.noarch
tendrl-monitoring-integration-1.6.3-18.el7rhgs.noarch
tendrl-node-agent-1.6.3-13.el7rhgs.noarch
tendrl-notifier-1.6.3-4.el7rhgs.noarch
tendrl-selinux-1.5.4-3.el7rhgs.noarch
tendrl-ui-1.6.3-14.el7rhgs.noarch
>> VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0265 |