Bug 2122199

Summary: After LEAPP upgrade katello_candlepin_port_t definition is missing
Product: Red Hat Satellite Reporter: Odilon Sousa <osousa>
Component: SELinuxAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Lukas Pramuk <lpramuk>
Severity: high Docs Contact:
Priority: high    
Version: 6.11.0CC: ahumbe, egolov, ehelms, lzap, matthew.lesieur, pstodulk, vmojzis, zhunting
Target Milestone: 6.11.3Keywords: Triaged, Upgrades
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-selinux-3.1.2.1-2,katello-selinux-4.0.2-2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2111074 Environment:
Last Closed: 2022-09-28 16:28:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 4 Lukas Pramuk 2022-09-13 09:04:30 UTC 
VERIFIED.

@Satellite 6.11.3 Snap1
foreman-selinux-3.1.2.1-2.el8sat.noarch
katello-selinux-4.0.2-2.el8sat.noarch

by the reproducer described in comment#0:

1) LEAPP upgrade Satellite 6.11.3 using internal repos
# sed -i 's/_RHEL7/_RHEL8/g' /etc/yum.repos.d/satellite.repo
# leapp upgrade --reboot --enablerepo Sat6-CI_Red_Hat_Satellite_6_11_Composes_Satellite_6_11_RHEL8 --enablerepo Sat6-CI_Satellite_6_11_Composes_Satellite_Maintenance_6_11_RHEL8

2) Perform LEAPP post-upgrade tasks namely switch back to enforcing selinux
# setenforce 1

3) Check for Satellite health
# hammer ping
...
candlepin:        
    Status:          ok
    Server Response: Duration: 36ms
candlepin_auth:   
    Status:          ok
    Server Response: Duration: 40ms
...

4) Check for custom selinux port definitions
# semanage port -l | grep -e 2375 -e 2376 -e 19090 -e 23443
foreman_container_port_t       tcp      2376, 2375
katello_candlepin_port_t       tcp      23443
websm_port_t                   tcp      19090, 9090

>>> after LEAPP upgrade all custom selinux port definitions are present
Comment 9 errata-xmlrpc 2022-09-28 16:28:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Satellite 6.11.3 Async Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6743
Comment 10 Evgeni Golov 2023-03-08 08:29:56 UTC 
*** Bug 2106268 has been marked as a duplicate of this bug. ***