Red Hat Bugzilla – Bug 1009964
node-installer looks for missing foreman-selinux package, fails
Last modified: 2014-06-19 14:58:13 EDT
Description of problem:
Trying to configure a smart proxy using node-installer, we fail with missing package.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
note: may need to use workaround due to bug #1009958
1. node-install --parent-fqdn `hostname` --dns true --dns-forwarders "10.16.101.41" --dns-forwarders "10.11.5.19" --dns-interface virbr1 --dns-zone katellolabs.org --dhcp true --dhcp-interface virbr1 --pulp false --tftp true --puppet true --puppetca true --register-in-foreman true --oauth-consumer-secret "Cl4Infk8emwu7EN2bcUuO1ZtwWml3vt2" --verbose
2. view results
Failure. Seen in puppet logger:
[DEBUG 2013-09-19 11:13:01 puppet] Package[foreman-selinux](provider=yum): Ensuring => present
[DEBUG 2013-09-19 11:13:01 puppet] Executing '/usr/bin/yum -d 0 -e 0 -y install foreman-selinux'
[ERROR 2013-09-19 11:13:02 puppet] Execution of '/usr/bin/yum -d 0 -e 0 -y install foreman-selinux' returned 1: Error: Nothing to do
[ERROR 2013-09-19 11:13:02 puppet] /Stage[main]/Passenger::Install::Redhat/Package[foreman-selinux]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install foreman-selinux' returned 1: Error: Nothing to do
[ WARN 2013-09-19 11:13:02 puppet] /Stage[main]/Passenger::Install::Redhat/Package[passenger]: Dependency Package[foreman-selinux] has failures: true
Apparently we shouldn't be looking for this package (yet).
I don't think this should be used in the node-installer, it isn't intended that we provide SELinux policy for the puppetmaster in foreman-selinux. Any issues there should be resolved through base OS selinux-policy which supports Puppet under Passenger.
We declined this patch upstream (https://github.com/theforeman/puppet-passenger/pull/16) but it was used in node-installer. foreman-selinux should be shipped for MDP3 where we use passenger, but not yet IMHO.
Ok: the conclusion for MDP2: the puppetmaster installation will need the system to run in permissive mode. In that case I will just remove the foreman-selinux package form ones installed.
Reverted the code that installed the foreman-proxy:
Should I cherry-pick the changes or we can rebase? I prefer the second option, as there is no code that not should get into MDP2
not relevant now with the new 'capsule-installer'