Bug 745149

Summary: configserver requires selinux in disable/permissive mode
Product: [Retired] CloudForms Cloud Engine Reporter: dgao
Component: aeolus-configserverAssignee: Greg Blomquist <gblomqui>
Status: CLOSED ERRATA QA Contact: dgao
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: akarol, deltacloud-maint, dgao, whayutin
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-15 20:50:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description dgao 2011-10-11 14:06:46 UTC 
config server will return "Service Temporarily Unavailable" when checking for https://CONFIG_SERVER_ADDR/version if selinux=Enforcing

When selinux=permissive/disable, it returns the version xml. 

Note: This is an rpm install.
Comment 2 Greg Blomquist 2011-11-14 16:45:04 UTC 
I have a patch for this bug.  But, it may introduce a timing issue with the aeolus-configserver-setup-httpd script (i.e., the underlying puppet modules may now have a dependency problem).  

I'll have to figure out how to resolve that, but I'm gonna post the patch for this to resolve this bug.

The work-around for the dependency bug in the setup script is to simply start httpd if it's not running after puppet finishes.

So:

#> aeolus-configserver-setup-httpd
blah blah
puppet
puppet complains that /sbin/service httpd graceful returned 1 instead of 0
puppet

#> service httpd start
Starting httpd:                [ OK ]
Comment 3 Greg Blomquist 2011-11-14 17:53:12 UTC 
Patch posted and pushed to audrey repo.

New RPM version (not yet built for conductor testing repo)

aeolus-configserver-0.4.0-4
aeolus-configserver-proxy-0.4.0-4

https://fedorahosted.org/pipermail/aeolus-devel/2011-November/006644.html
Comment 4 dgao 2011-11-15 23:18:42 UTC 
[root@configserver-qe-nightly httpd]# yum info aeolus-configserver
Installed Packages
Name        : aeolus-configserver
Arch        : noarch
Version     : 0.4.1
Release     : 1.fc15
Size        : 65 k
Repo        : installed
From repo   : aeolus-configserver
Summary     : The Aeolus Config Server
URL         : http://aeolusproject.org
License     : GPLv2+ and MIT and BSD
Description : The Aeolus Config Server, a service for storing and retrieving VM
            : configurations.

w/ selinux set to Enforcing, a 503 is returned when hitting https://{configserver}/version

w/ selinux set to Permissive, the file returns.
Comment 5 dgao 2011-11-17 23:45:43 UTC 
Running aeolus-configserver-setup-httpd w/ Enforcing selinux policy would add set the right sebool. This would enable configserver to run w/ selinux turned on. 

hitting https://{configserver}/version would also return the proper xml. 

Verified
Comment 6 wes hayutin 2011-11-28 01:17:32 UTC 
removing bugs from ce-sprint from the tracker.. you can find these bugs by querying the "qa whiteboard" for ce-sprint-60
Comment 8 errata-xmlrpc 2012-05-15 20:50:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0585.html