Bug 855351
Summary: | aeolus-configure fails to complete on base RHEL 6.2 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] CloudForms Cloud Engine | Reporter: | Brett Thurber <bthurber> | ||||||
Component: | aeolus-configure | Assignee: | John Eckersberg <jeckersb> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Giulio Fidente <gfidente> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 1.1.0 | CC: | dajohnso, dmacpher, gfidente, sreichar | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | aeolus-configure-2.8.6-1.el6cf | Doc Type: | Bug Fix | ||||||
Doc Text: |
aeolus-configure previously set SELinux Boolean values with exec setsebool, which led to timeouts. This fix replaces the exec with Puppet's selboolean type method. This provides a successful setting of SELinux Boolean values without timeouts.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-12-04 15:18:42 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Created attachment 610723 [details]
stdout from install and configure
aeolus-configure enables the selinux boolean httpd_can_network_connect, since it uses httpd+mod_proxy as a frontend for the aeolus-conductor daemon. aeolus-configure currently does this by using the Exec type with the setsebool command directly. The Exec type has a default timeout of 300 seconds. I have seen instances where the setsebool command can take longer than 300 seconds[1], and that seems to be the case in this instance. From the provided stdout log: err: /Stage[main]/Apache/Exec[permit-http-networking]/returns: change from notrun to 0 failed: Command exceeded timeout at /usr/share/aeolus-configure/modules/apache/manifests/init.pp:32 A 6.3 erratum probably addresses the root cause of setsebool being slow, which is why this would work on 6.3 but not on 6.2. In any case, we really shouldn't be using Exec to call setsebool; puppet has a Selboolean type that is better suited. Also, the Selboolean provider doesn't time out, so if this behavior is encountered then configure should still work properly, albeit slowly. [1] https://bugzilla.redhat.com/show_bug.cgi?id=811656 is a Fedora bug, but I suspect it might be applicable in this case as well. FYI, We ahve only seen this when we install CF on 6.2GA that has teh update repo available. If we do a yum update before the install of CF, it works. The issue being the update brings the system to 6.2 and it is not cler if this is supported. Earlier installs (pre-6.3), I always did the yum update and did not see this issue. spr typos in comment 5, Try again - We have only seen this when we install CF on 6.2GA that has the update repo available. If we do a yum update before the install of CF, it works, and we dont' see the problem. The issue being that the update brings the system to 6.3 and it is not clear if this is supported. Earlier installs (pre-6.3), I always did the yum update and did not see this issue. on 1.1 as commit 9ec8679 works for me as aeolus-configure-2.8.6-1.el6cf [root@qeblade22 ~]# rpm -qa | grep aeolus-configure aeolus-configure-2.8.6-1.el6cf.noarch [root@qeblade22 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.2 (Santiago) [root@qeblade22 ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-1516.html |
Created attachment 610720 [details] /var/log/* Description of problem: aeolus-configure fails to complete with base RHEL 6.2 install. Version-Release number of selected component (if applicable): CF - 1.0.1 RHEL - 6.2 How reproducible: Every time Steps to Reproduce: 1. Install RHEL 6.2 2. Install aeolus-all 3. Run aeolous-configure Actual results: aeolus-configure fails to complete. Expected results: aeolus-configure completes without error. Additional info: RHEL 6.3 works fine however is not officially supported. There is no clear way to confine a RHEL 6.2 system to particular updates to support CF 1.0.1.