Bug 855351

Summary: aeolus-configure fails to complete on base RHEL 6.2
Product: [Retired] CloudForms Cloud Engine Reporter: Brett Thurber <bthurber>
Component: aeolus-configureAssignee: John Eckersberg <jeckersb>
Status: CLOSED ERRATA QA Contact: Giulio Fidente <gfidente>
Severity: high Docs Contact:
Priority: unspecified    
Version: 1.1.0CC: dajohnso, dmacpher, gfidente, sreichar
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: aeolus-configure-2.8.6-1.el6cf Doc Type: Bug Fix
Doc Text:
aeolus-configure previously set SELinux Boolean values with exec setsebool, which led to timeouts. This fix replaces the exec with Puppet's selboolean type method. This provides a successful setting of SELinux Boolean values without timeouts.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-04 15:18:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/var/log/*
none
stdout from install and configure none

Description Brett Thurber 2012-09-07 13:46:29 UTC 
Created attachment 610720 [details]
/var/log/*

Description of problem:
aeolus-configure fails to complete with base RHEL 6.2 install.

Version-Release number of selected component (if applicable):
CF - 1.0.1
RHEL - 6.2

How reproducible:
Every time

Steps to Reproduce:
1.  Install RHEL 6.2
2.  Install aeolus-all
3.  Run aeolous-configure
  
Actual results:
aeolus-configure fails to complete.

Expected results:
aeolus-configure completes without error.

Additional info:
RHEL 6.3 works fine however is not officially supported.  There is no clear way to confine a RHEL 6.2 system to particular updates to support CF 1.0.1.
Comment 1 Brett Thurber 2012-09-07 13:52:04 UTC 
Created attachment 610723 [details]
stdout from install and configure
Comment 3 John Eckersberg 2012-09-07 17:03:28 UTC 
aeolus-configure enables the selinux boolean httpd_can_network_connect, since it uses httpd+mod_proxy as a frontend for the aeolus-conductor daemon.

aeolus-configure currently does this by using the Exec type with the setsebool command directly.  The Exec type has a default timeout of 300 seconds.  I have seen instances where the setsebool command can take longer than 300 seconds[1], and that seems to be the case in this instance.  From the provided stdout log:

err: /Stage[main]/Apache/Exec[permit-http-networking]/returns: change from notrun to 0 failed: Command exceeded timeout at /usr/share/aeolus-configure/modules/apache/manifests/init.pp:32

A 6.3 erratum probably addresses the root cause of setsebool being slow, which is why this would work on 6.3 but not on 6.2.

In any case, we really shouldn't be using Exec to call setsebool; puppet has a Selboolean type that is better suited.  Also, the Selboolean provider doesn't time out, so if this behavior is encountered then configure should still work properly, albeit slowly.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=811656 is a Fedora bug, but I suspect it might be applicable in this case as well.
Comment 4 John Eckersberg 2012-09-07 17:26:49 UTC 
https://github.com/aeolusproject/aeolus-configure/pull/9
Comment 5 Steve Reichard 2012-09-07 17:50:02 UTC 
FYI,

We ahve only seen this when we install CF on 6.2GA that has teh update repo available.   If we do a yum update before the install of CF, it works.  The issue being the update brings the system to 6.2 and it is not cler if this is supported.

Earlier installs (pre-6.3), I always did the yum update and did not see this issue.

spr
Comment 6 Steve Reichard 2012-09-10 12:53:21 UTC 
typos in comment 5,

Try again -


We have only seen this when we install CF on 6.2GA that has the update repo available. If we do a yum update before the install of CF, it works, and we dont' see the problem. The issue being that the update brings the system to 6.3 and it is not clear if this is supported.

Earlier installs (pre-6.3), I always did the yum update and did not see this issue.
Comment 7 John Eckersberg 2012-09-10 17:49:28 UTC 
on 1.1 as commit 9ec8679
Comment 9 Giulio Fidente 2012-09-18 21:18:04 UTC 
works for me as aeolus-configure-2.8.6-1.el6cf

[root@qeblade22 ~]# rpm -qa | grep aeolus-configure
aeolus-configure-2.8.6-1.el6cf.noarch
[root@qeblade22 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 (Santiago)
[root@qeblade22 ~]#
Comment 11 errata-xmlrpc 2012-12-04 15:18:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1516.html