Bug 1190059
| Summary: | Navigating 'All containers' menu after creating a internal docker compute resource with unix:///var/run/docker.sock raises: 500 ISE | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sachin Ghai <sghai> | ||||||
| Component: | WebUI | Assignee: | Daniel Lobato Garcia <dlobatog> | ||||||
| WebUI sub component: | Katello | QA Contact: | Og Maciel <omaciel> | ||||||
| Status: | CLOSED CURRENTRELEASE | Docs Contact: | |||||||
| Severity: | high | ||||||||
| Priority: | high | CC: | bbuckingham, daviddavis, erezende, jaudet, omaciel, paji, sghai, sthirugn | ||||||
| Version: | Unspecified | Keywords: | Triaged | ||||||
| Target Milestone: | Unspecified | ||||||||
| Target Release: | Unused | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| URL: | http://projects.theforeman.org/issues/9275 | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 1192614 (view as bug list) | Environment: | |||||||
| Last Closed: | 2015-08-12 13:59:34 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1190289 | ||||||||
| Attachments: |
|
||||||||
|
Description
Sachin Ghai
2015-02-06 08:34:47 UTC
I can also trigger this error by doing the following:
1. Create a compute resource with the following attributes:
name: some-compute-resource
provider: Docker
url: https://localhost:4243
2. Navigate to Containers > All Containers
Here's the stack trace I get:
String does not start with the prefix 'encrypted-', so ForemanDocker::Docker some-compute-resource was not decrypted
Rendered /opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.0.1/app/views/containers/_list.html.erb (71.5ms)
Rendered /opt/rh/ruby193/root/usr/share/gems/gems/foreman_docker-1.0.1/app/views/containers/index.html.erb within layouts/application (646.0ms)
Operation FAILED: Permission denied - connect(2) (Errno::EACCES)
Rendered common/500.html.erb within layouts/application (241.4ms)
Rendered layouts/base.html.erb (1.7ms)
Completed 500 Internal Server Error in 1287ms (Views: 273.7ms | ActiveRecord: 1.2ms)
Created redmine issue http://projects.theforeman.org/issues/9275 from this bug Need info - 1) Was docker running - service docker status OR "docker images" actually showing up ok and not showing errors on the host 2) What was in your /etc/sysconfig/docker OPTIONS=--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock ??? 3) Its probably a documentation thing, but you need that -H tcp://0.0.0.0:2375 if you want to use https://localhost:4243 Correction you need that "-H tcp://0.0.0.0:4243" if you want to use https://localhost:4243 Curious about the setup. Are you running docker on the same machine as the satellite. If so you probably need to add docker group to foreman user if you want to use -H unix:///var/run/docker.sock. Alternatively you can add OPTIONS=--selinux-enabled -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock in /etc/sysconfig/docker and create a compute resource with https://localhost:2375 (In reply to Partha Aji from comment #7) > If so you probably need to add docker group to foreman user if > you want to use -H unix:///var/run/docker.sock. IIRC, this is the problem I had. We use automation-tools to setup docker on every Satellite installation. In [1] you can find the complete task which setups Docker. The relevant part is that we add the following options to the daemon `--selinux-enabled=true --host tcp://0.0.0.0:2375 --host unix:///var/run/docker.sock`. But we don't add docker group to foreman user. I think Satellite could be smart enough to check if it can connect to a unix:///var/run/docker.sock socket and provide better feedback if it can't. When I tested, test connection does not say anything when I use the unix socket path. [1] https://github.com/SatelliteQE/automation-tools/blob/master/automation_tools/__init__.py#L226-L280 +1 to better errors. The whole compute resource stuff is hard to use because of bad error/success reporting when setting up and editing a compute resource. Should be fixed when -> https://github.com/theforeman/foreman-docker/pull/83 gets merged Moving to POST since upstream bug http://projects.theforeman.org/issues/9275 has been closed Should be fixed with https://github.com/theforeman/foreman-docker/pull/85 .. You will see an error message now saying "cant connect" but wont result in an ISE. Created attachment 1006870 [details]
No longer getting a 500 and error page.
The fix is: even though you can create a docker-based compute resource with incorrect URL value, Satellite will no longer ISE. Instead, the user will see an error message next to the compute resource.
Verified by QE (see comment #15 above) using Satellite-6.1.0-RHEL-7-20150324.0 build. This bug is slated to be released with Satellite 6.1. This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015. |