Hide Forgot
Description of problem: After doing https://bugzilla.redhat.com/show_bug.cgi?id=1039010#c2 I got now this: Job for openshift-broker.service failed. See 'systemctl status openshift-broker.service' and 'journalctl -xn' for details. [root@localhost /]# systemctl status openshift-broker.service openshift-broker.service - The OpenShift Origin Broker Loaded: loaded (/usr/lib/systemd/system/openshift-broker.service; disabled) Active: failed (Result: exit-code) since piÄ… 2013-12-06 12:07:11 CET; 1s ago Process: 3662 ExecStart=/usr/sbin/httpd $OPTIONS -k start (code=exited, status=1/FAILURE) gru 06 12:07:11 localhost.localdomain systemd[1]: Starting The OpenShift Origin Broker... gru 06 12:07:11 localhost.localdomain httpd[3662]: WARNING: The 'PassengerUseGlobalQueue' option is obsolete: global queueing is now always turned on. Please remove this option from your configuration file. gru 06 12:07:11 localhost.localdomain httpd[3662]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message gru 06 12:07:11 localhost.localdomain httpd[3662]: (13)Permission denied: AH02291: Cannot access directory '/var/log/openshift/broker/httpd/' for main error log gru 06 12:07:11 localhost.localdomain httpd[3662]: AH00014: Configuration check failed gru 06 12:07:11 localhost.localdomain systemd[1]: openshift-broker.service: control process exited, code=exited status=1 gru 06 12:07:11 localhost.localdomain systemd[1]: Failed to start The OpenShift Origin Broker. gru 06 12:07:11 localhost.localdomain systemd[1]: Unit openshift-broker.service entered failed state. Version-Release number of selected component (if applicable): openshift-origin-broker-1.10.2.1-1.fc20.noarch How reproducible: Always
$ ls -hall /var/log/openshift/broker/httpd/ total 8,0K drwxr-x---. 2 apache apache 4,0K 08-06 22:58 . drwxr-x---. 3 apache apache 4,0K 12-06 11:09 ..
(In reply to Marek Goldmann from comment #1) > $ ls -hall /var/log/openshift/broker/httpd/ > total 8,0K > drwxr-x---. 2 apache apache 4,0K 08-06 22:58 . > drwxr-x---. 3 apache apache 4,0K 12-06 11:09 .. Hi there, I had the same problem, so I changes the security level, now it looks like this: $ namei -m /var/log/openshift/broker/httpd/ f: /var/log/openshift/broker/httpd/ dr-xr-xr-x / drwxr-xr-x var drwxr-xr-x log drwxr-xr-x openshift drwxr-x--- broker drwxr-x--- httpd More than that, I found out in the journal entries, that there is something not quite right with SELinux policies: ***** Plugin catchall (100. confidence) suggests ************************** If you believe that httpd should be allowed search access on the directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # # semodule -i mypol.pp Doing exactly that: $ grep httpd /var/log/audit/audit.log | audit2allow -M mypol $ semodule -i mypol.pp solved all my problems. Cheers, A.
The openshift origin broker is retired and no longer supported on Fedora 20+. Because of that, this bug won't be fixed. It is suggested to migrate your openshift project to RHEL/Scientific Linux/CentOS.