Bug 1149006
| Summary: | rubygem-staypuft: rhel-osp-installer exists with error: Could not start Service[dhcpd]: Execution of '/sbin/service dhcpd start' returned 1: Starting dhcpd: [FAILED] /Stage[main]/Dhcp/Service[dhcpd]/ensure: change from stopped to running failed: Could n | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Alexander Chuzhoy <sasha> |
| Component: | rubygem-staypuft | Assignee: | Mike Burns <mburns> |
| Status: | CLOSED WORKSFORME | QA Contact: | Omri Hochman <ohochman> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 5.0 (RHEL 7) | CC: | lzap, mburns, mgrepl, rhallise, sclewis, yeylon |
| Target Milestone: | z2 | | |
| Target Release: | Installer | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-10-03 21:31:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Alexander Chuzhoy
2014-10-02 21:55:31 UTC
Created attachment 943581
rhel-osp-installer.log
Created attachment 943582
messages
Running sealert gets the following:

SELinux is preventing /usr/bin/chcon from relabelto access on the file /var/lib/dhcpd/dhcpd.leases.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that chcon should be allowed relabelto access on the dhcpd.leases file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep chcon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Running:
grep chcon /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
Doesn't help.

Running:
cat /var/log/audit/audit.log | audit2allow -M mypol2
semodule -i mypol2.pp
fixes it.

Alex, I need to see the denial. Can you paste:

# ausearch -m AVC

But the file /var/lib/dhcpd belongs to the dhcp (core) policy, I don't think this is a Foreman policy issue. Let's see from the denial.

[root@staypuft ~]# ausearch -m AVC
----
time->Thu Oct 2 17:51:28 2014
type=SYSCALL msg=audit(1412286688.859:236): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=4108 pid=4109 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412286688.859:236): avc: denied { chown } for pid=4109 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:07:02 2014
type=SYSCALL msg=audit(1412287622.569:360): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5872 pid=5873 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287622.569:360): avc: denied { chown } for pid=5873 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:08:16 2014
type=SYSCALL msg=audit(1412287696.437:361): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5930 pid=5931 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287696.437:361): avc: denied { chown } for pid=5931 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:08:56 2014
type=SYSCALL msg=audit(1412287736.521:362): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5971 pid=5972 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287736.521:362): avc: denied { chown } for pid=5972 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:09:24 2014
type=SYSCALL msg=audit(1412287764.322:363): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=5998 pid=5999 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287764.322:363): avc: denied { chown } for pid=5999 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:09:44 2014
type=SYSCALL msg=audit(1412287784.797:364): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=6024 pid=6025 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287784.797:364): avc: denied { chown } for pid=6025 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:09:47 2014
type=SYSCALL msg=audit(1412287787.358:365): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=6042 pid=6043 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412287787.358:365): avc: denied { chown } for pid=6043 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:15:19 2014
type=SYSCALL msg=audit(1412288119.702:372): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=6292 pid=6293 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412288119.702:372): avc: denied { chown } for pid=6293 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:17:29 2014
type=SYSCALL msg=audit(1412288249.987:374): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=6384 pid=6385 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412288249.987:374): avc: denied { chown } for pid=6385 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:20:55 2014
type=SYSCALL msg=audit(1412288455.277:382): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=6509 pid=6510 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412288455.277:382): avc: denied { chown } for pid=6510 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:24:01 2014
type=SYSCALL msg=audit(1412288641.072:383): arch=c000003e syscall=188 success=no exit=-13 a0=214f0e0 a1=7fa68a8c82fd a2=2150630 a3=21 items=0 ppid=5388 pid=6870 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1412288641.072:383): avc: denied { relabelto } for pid=6870 comm="chcon" name="dhcpd.leases" dev=dm-0 ino=281111 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:dhcpd_t:s0 tclass=file
----
time->Thu Oct 2 18:46:02 2014
type=SYSCALL msg=audit(1412289962.197:402): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=11084 pid=11085 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412289962.197:402): avc: denied { chown } for pid=11085 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:47:33 2014
type=SYSCALL msg=audit(1412290053.735:404): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=11180 pid=11181 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412290053.735:404): avc: denied { chown } for pid=11181 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:49:13 2014
type=SYSCALL msg=audit(1412290153.491:406): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=11349 pid=11350 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412290153.491:406): avc: denied { chown } for pid=11350 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
----
time->Thu Oct 2 18:49:16 2014
type=SYSCALL msg=audit(1412290156.133:407): arch=c000003e syscall=93 success=no exit=-1 a0=6 a1=b1 a2=b1 a3=0 items=0 ppid=11368 pid=11369 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="dhcpd" exe="/usr/sbin/dhcpd" subj=unconfined_u:system_r:dhcpd_t:s0 key=(null)
type=AVC msg=audit(1412290156.133:407): avc: denied { chown } for pid=11369 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
Running "yum update -y" prior to installing rhel-osp-installer seems to fix the issue.

It appears some SELinux package was out of date. This works with everything on the latest versions.

Great, there is one known package to have some bugs in 7.0 gold (qpidd), now we see dhcpd (I suppose) on RHEL 7.0 gold too.
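
Added example, not part of the original bug thread or of any tool named in it: a small Python summary of AVC denial lines, run on three records copied from the ausearch output above. It shows that filtering the log on the string chcon before audit2allow passes only the relabelto denial and drops the dhcpd chown capability denials; the function names and the needle parameter are assumptions of this example.

```python
import re
from collections import Counter

# Three records copied from the ausearch output in this report.
SAMPLE = """\
type=AVC msg=audit(1412286688.859:236): avc: denied { chown } for pid=4109 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
type=AVC msg=audit(1412287622.569:360): avc: denied { chown } for pid=5873 comm="dhcpd" capability=0 scontext=unconfined_u:system_r:dhcpd_t:s0 tcontext=unconfined_u:system_r:dhcpd_t:s0 tclass=capability
type=AVC msg=audit(1412288641.072:383): avc: denied { relabelto } for pid=6870 comm="chcon" name="dhcpd.leases" dev=dm-0 ino=281111 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:dhcpd_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:level context, or '?'."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "comm": fields.get("comm", "?"),
        "source": selinux_type(fields.get("scontext", "")),
        "perms": tuple(m.group("perms").split()),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass", "?"),
    }

def summarize(text, needle=None):
    """Count denials per (comm, source, perms, target, tclass)."""
    counts = Counter()
    for line in text.splitlines():
        # needle mimics a `grep needle` placed in front of audit2allow
        if needle is not None and needle not in line:
            continue
        rec = parse_avc(line)
        if rec is not None:
            counts[tuple(rec.values())] += 1
    return counts

if __name__ == "__main__":
    for label, needle in (("whole log", None), ("grep chcon", "chcon")):
        print(label, dict(summarize(SAMPLE, needle)))
```

Grouping by source type and permission before generating a module makes it visible which denials a local policy would actually cover.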