| Summary: | Image Factory fails with non-descriptive errors if SELinux be enabled | | |
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Joe Vlcek <jvlcek> |
| Component: | aeolus-conductor | Assignee: | Ian McLeod <imcleod> |
| Status: | CLOSED ERRATA | QA Contact: | wes hayutin <whayutin> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 1.0.0 | CC: | akarol, dajohnso, deltacloud-maint, meyering, ssachdev |
| Target Milestone: | alpha | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-05-15 21:41:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Attachments: | | | |

Description
Joe Vlcek
2011-05-20 19:41:51 UTC
correct.. fyi.. selinux has not yet been supported in factory and conductor. Can you please update the version of factory and conductor (if you are using it) to the bug.. Thanks

I'm using the latest development version of Image Factory from the developers, Ian McLeod's, working gate but I don't think that is relevant. The point I am attempting to make is that Image Factory needs to support SELinux. I believe SE Linux policies need to be developed for Image Factory. Sorry if that wasn't clear. Thanks, Joe

Thanks, Joe. Good to see this on the radar. Can someone attach the associated AVC (from /var/log/audit/audit.log)?

moving bugs to cloud engine project

can you provide the required selinux failure from /var/log/audit/audit.log

This originally happened as a result of Oz attempting to run "ssh-keygen" from within the factory daemon context. Chris has since re-worked Oz to create the key pair during RPM install, rather than at runtime. So, this bug is probably no longer relevant.

k.. we'll revisit selinux once dev decides to build policies for CE and components.. closing this bug..

Created attachment 505673
The log file produced by Image Factory

This issue still exists, although it is manifesting itself as a different error message in the Image Factory log file. I have confirmed that Image Factory still fails with SELinux in enforcing mode. /var/log/audit/audit.log is empty. I have attached the Image Factory log file.

making sure all the bugs are at the right version for future queries

Believe this to be addressed here: https://github.com/aeolusproject/imagefactory/commit/c2bebbb81d859354df941f4d995d3cdede675344

This change is available in our 0.7.0 RPM release here: http://repos.fedorapeople.org/repos/aeolus/imagefactory/0.7.0/

Image Factory starts successfully with SELinux in enforcing mode. Building image is successful.

imagefactory log:

```
2011-10-24 02:34:25,300 INFO imgfac.builders.BaseBuilder.Fedora_rhevm_Builder pid(4081) Message: Creating cloud-info file indicating target (rhevm)
2011-10-24 02:34:25,341 INFO imgfac.builders.BaseBuilder.Fedora_rhevm_Builder pid(4081) Message: Updating rc.local with Audrey conditional
2011-10-24 02:34:27,167 DEBUG imgfac.builders.BaseBuilder.Fedora_rhevm_Builder pid(4081) Message: Removed HWADDR from image's /etc/sysconfig/network-scripts/ifcfg-eth0
2011-10-24 02:34:27,681 DEBUG imgfac.builders.BaseBuilder.Fedora_rhevm_Builder pid(4081) Message: Storing Fedora image at http://localhost:9090/...
2011-10-24 02:34:28,159 INFO imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Creating a bucket returned status 401.
2011-10-24 02:34:28,166 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Setting metadata ({'object_type': 'template', 'uuid': '86df8ae0-deef-4523-9397-1661590d2212'}) for http://localhost:9090/templates/86df8ae0-deef-4523-9397-1661590d2212
2011-10-24 02:34:28,171 INFO imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Creating a bucket returned status 401.
2011-10-24 02:34:28,205 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Setting metadata ({'object_type': 'icicle', 'uuid': '17c1d9f1-c014-4578-83f9-2a9ca6e58931'}) for http://localhost:9090/icicles/17c1d9f1-c014-4578-83f9-2a9ca6e58931
2011-10-24 02:34:28,215 INFO imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Creating a bucket returned status 401.
2011-10-24 02:34:28,275 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: 0kB of 10485760kB
2011-10-24 02:34:28,275 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Setting metadata ({'icicle': '17c1d9f1-c014-4578-83f9-2a9ca6e58931', 'uuid': '89f84eb4-23ad-4a3a-b804-608c175250f0', 'template': '86df8ae0-deef-4523-9397-1661590d2212', 'target_parameters': '<?xml version="1.0"?>\n<domain type="kvm">\n <name>Fedora 15-89f84eb4-23ad-4a3a-b804-608c175250f0</name>\n <memory>1048576</memory>\n <currentMemory>1048576</currentMemory>\n <uuid>4b677299-59ec-421e-9c94-11178451a052</uuid>\n <clock offset="utc"/>\n <vcpu>1</vcpu>\n <features>\n <acpi/>\n <apic/>\n <pae/>\n </features>\n <os>\n <type>hvm</type>\n <boot dev="hd"/>\n </os>\n <on_poweroff>destroy</on_poweroff>\n <on_reboot>destroy</on_reboot>\n <on_crash>destroy</on_crash>\n <devices>\n <console device="pty"/>\n <graphics port="-1" type="vnc"/>\n <interface type="bridge">\n <source bridge="virbr0"/>\n <mac address="52:54:00:4f:49:a2"/>\n <model type="virtio"/>\n </interface>\n <input bus="ps2" type="mouse"/>\n <console type="pty">\n <target port="0"/>\n </console>\n <serial type="tcp">\n <source mode="bind" host="127.0.0.1" service="21172"/>\n <protocol type="raw"/>\n <target port="1"/>\n </serial>\n <disk device="disk" type="file">\n <target dev="vda" bus="virtio"/>\n <source file="/var/lib/imagefactory/images/rhevm-image-89f84eb4-23ad-4a3a-b804-608c175250f0.dsk"/>\n </disk>\n </devices>\n</domain>\n', 'object_type': 'target_image', 'target': 'rhevm', 'build': '52421814-2cd1-4618-81a0-f110b998e582'}) for http://localhost:9090/target_images/89f84eb4-23ad-4a3a-b804-608c175250f0
2011-10-24 02:34:28,285 DEBUG imgfac.builders.BaseBuilder.Fedora_rhevm_Builder pid(4081) Message: Image warehouse storage complete
2011-10-24 02:34:28,285 DEBUG imgfac.BuildJob.BuildAdaptor pid(4081) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed percent complete from 50 to 100
2011-10-24 02:34:28,339 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Getting metadata (['latest_unpushed']) from http://localhost:9090/images/1b4ea683-1e4c-486a-86e9-64697fcbe082
2011-10-24 02:34:28,341 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Getting metadata (['latest_build']) from http://localhost:9090/images/1b4ea683-1e4c-486a-86e9-64697fcbe082
2011-10-24 02:34:28,343 DEBUG imgfac.ImageWarehouse.ImageWarehouse pid(4081) Message: Setting metadata ({'latest_unpushed': '52421814-2cd1-4618-81a0-f110b998e582'}) for http://localhost:9090/images/1b4ea683-1e4c-486a-86e9-64697fcbe082
2011-10-24 02:34:28,344 DEBUG imgfac.BuildJob.BuildAdaptor pid(4081) Message: Raising event with agent handler (<ImageFactoryAgent(Thread-1, initial)>), changed status from BUILDING to COMPLETED
```

```
[root@dell-pe1950-01 templates]# rpm -qa | egrep 'imagefactory|selinux-policy'
selinux-policy-targeted-3.7.19-93.el6.noarch
imagefactory-0.7.0-1.el6.noarch
selinux-policy-3.7.19-93.el6.noarch
imagefactory-jeosconf-ec2-rhel-0.1.0-1.el6.noarch
imagefactory-jeosconf-ec2-fedora-0.1.0-1.el6.noarch
rubygem-imagefactory-console-0.5.0-4.20110824113238gitd9debef.el6.noarch
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html