Bug 790005

Summary: SELinux rules for port 5674
Product: [Retired] Pulp
Reporter: John Matthews <jmatthew>
Component: z_other
Assignee: James Slagle <jslagle>
Status: CLOSED CURRENTRELEASE
QA Contact: Preethi Thomas <pthomas>
Severity: unspecified
Priority: unspecified
Version: 1.0.0
CC: tsanders
Keywords: Triaged
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-02-24 20:15:56 UTC
Bug Blocks: 789954

Description John Matthews 2012-02-13 13:23:29 UTC
Description of problem:
Add a rule in Pulp's SELinux policy to label 5674

Recommended:
  semanage port -a -t amqp_port_t -p tcp 5674

Comment 1 James Slagle 2012-02-16 19:48:25 UTC
committed to pulp master e179da00b6371dea063c61ac35f0e409f0084bc0

Comment 2 Jeff Ortel 2012-02-17 17:17:51 UTC
build: 0.267

Comment 3 James Slagle 2012-02-22 10:28:06 UTC
qpidd (which is what needs port 5674) is not configured to be running over SSL by default with Pulp. It is left as an exercise to the end user to set up qpidd over SSL, and write your own SELinux policy so that it will actually work.

That being said, I think writing out a test plan and documenting that would be a significant effort that doesn't really need to block v1 at this point.  We have a plan to document this process better on the wiki and draw attention to it so that users will know how to do it.

For now, a simple verification that the port got labelled correctly will be sufficient.

You can run:
# semanage port -l | grep amqp
amqp_port_t                    tcp      5674, 5671, 5672
amqp_port_t                    udp      5674, 5671, 5672

The output should show that 5674 has been labelled amqp_port_t as it does above.

Note: You may need to install the policycoreutils-python package which provides semanage.
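
Added example, not part of the original bug report or Pulp's code: a scripted form of the verification in Comment 3 that matches the type, protocol and port exactly instead of using grep, so that a port such as 15674 or a range such as 5671-5672 is not misread. The function names port_has_label and check and the RANGED sample are hypothetical; all sample listings are constructed, modelled on the output shown in this report.

```shell
#!/bin/sh
# Added example (not from the bug report): exact-match check of an SELinux port label.

# port_has_label TYPE PROTO PORT
# Reads `semanage port -l` output on stdin; exit 0 if PORT is labelled TYPE for PROTO.
port_has_label() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            # Everything after the protocol column is the port list.
            list = $0
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)
            n = split(list, items, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (split(items[i], r, "-") == 2) {
                    # Entry is a range such as 5671-5672.
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
                } else if (items[i] + 0 == port + 0) {
                    found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed samples: listing without the rule, with the rule, and a listing
# where a plain `grep 5674` would match 15674 although 5674 is not labelled.
BEFORE='amqp_port_t                    tcp      5671, 5672
amqp_port_t                    udp      5671, 5672'
AFTER='amqp_port_t                    tcp      5674, 5671, 5672
amqp_port_t                    udp      5674, 5671, 5672'
RANGED='amqp_port_t                    tcp      15674, 5671-5672'

# check LISTING PORT -> prints "labelled" or "missing" for amqp_port_t over tcp
check() {
    if printf '%s\n' "$1" | port_has_label amqp_port_t tcp "$2"; then
        echo labelled
    else
        echo missing
    fi
}

echo "without rule, 5674: $(check "$BEFORE" 5674)"
echo "with rule,    5674: $(check "$AFTER" 5674)"
echo "ranged list,  5674: $(check "$RANGED" 5674)"
# On a live host: semanage port -l | port_has_label amqp_port_t tcp 5674
```
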

Comment 4 Preethi Thomas 2012-02-22 13:49:20 UTC
looks like 5674 is missing on my rhel6 pulp box

[root@katello-test ~]#  semanage port -l | grep amqp
amqp_port_t                    tcp      5671, 5672
amqp_port_t                    udp      5671, 5672
[root@katello-test ~]# rpm -qa |grep pulp
m2crypto-0.21.1.pulp-7.el6.x86_64
python-oauth2-1.5.170-2.pulp.el6.noarch
pulp-common-0.0.267-2.el6.noarch
mod_wsgi-3.3-3.pulp.el6.x86_64
pulp-client-lib-0.0.267-2.el6.noarch
pulp-selinux-server-0.0.267-1.el6.noarch
pulp-0.0.267-2.el6.noarch
pulp-admin-0.0.267-2.el6.noarch

Comment 5 James Slagle 2012-02-22 16:21:46 UTC
Can you try updating pulp-selinux-server and see if that fixes it?  pulp-selinux-server-0.0.267-2 is available in the v1 repos, I'm not sure why you don't already have it.

Comment 6 Preethi Thomas 2012-02-22 16:29:16 UTC
verified

updating pulp-selinux-server fixed the issue


[root@katello-test ~]# yum update pulp-selinux-server
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN Satellite or RHN Classic support will be disabled.
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package pulp-selinux-server.noarch 0:0.0.267-1.el6 will be updated
---> Package pulp-selinux-server.noarch 0:0.0.267-2.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch       Version           Repository           Size
================================================================================
Updating:
 pulp-selinux-server     noarch     0.0.267-2.el6     pulp-v1-testing      38 k

Transaction Summary
================================================================================
Upgrade       1 Package(s)

Total download size: 38 k
Is this ok [y/N]: y
Downloading Packages:
pulp-selinux-server-0.0.267-2.el6.noarch.rpm             |  38 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : pulp-selinux-server-0.0.267-2.el6.noarch                     1/2 

Enabling port 5674 for qpidd
  Cleanup    : pulp-selinux-server-0.0.267-1.el6.noarch                     2/2 

Updated:
  pulp-selinux-server.noarch 0:0.0.267-2.el6                                    

Complete!
[root@katello-test ~]# 
[root@katello-test ~]#  semanage port -l | grep amqp
amqp_port_t                    tcp      5674, 5671, 5672
amqp_port_t                    udp      5674, 5671, 5672
[root@katello-test ~]#

Comment 7 Preethi Thomas 2012-02-24 20:15:56 UTC
Pulp v1.0 is released
Closed Current Release.

Comment 8 Preethi Thomas 2012-02-24 20:17:30 UTC
Pulp v1.0 is released.