Description of problem: Enforcing SELinux doesn't allow to create a RH repo returning the permissions error. Version-Release number of selected component (if applicable): RHEL6 iso 20160791. It's not an issue on RHEL7 How reproducible: always Steps to Reproduce: 1. upload a cert 2. attempt to create a Red Hat repo 3. get the error Actual results: When SELinux is Permissive, evrth is OK: >> rhui (repo) => a Determining undeployed products... ... product list calculated Import Repositories: 1 - All in Certificate 2 - By Product 3 - By Repository Enter value (1-3) or 'b' to abort: 3 ..... Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI x 415: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum) Enter value (1-415) to toggle selection, 'c' to confirm selections, or '?' for more commands: c The following product repositories will be deployed: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum) Proceed? (y/n) y Importing product repository Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64)... Content will not be downloaded to the newly imported repositories until the next sync is run. ------------------------------------------------------------------------------ rhui (repo) => l Custom Repositories protected_repo selinux_repo unprotected_repo Red Hat Repositories Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) When SELinux is Enforcing: ..... Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI x 415: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum) Enter value (1-415) to toggle selection, 'c' to confirm selections, or '?' for more commands: c The following product repositories will be deployed: Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64) (Yum) Proceed? (y/n) y Importing product repository Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) (Debug RPMs) from RHUI (7Server-x86_64)... Failed to create the rhel-rs-for-rhel-7-server-rhui-debug-rpms-7Server-x86_64 repository for the following reason: HTTP 500 [Errno 13] Permission denied: '/var/lib/pulp/importers/rhel-rs-for-rhel-7-server-rhui-debug-rpms-7Server-x86_64-yum_importer/pki/ca.crt'. 2016-07-20 13:05:43,467 - Unexpected error caught at the shell level Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 88, in safe_listen self.listen(clear=first_run) File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 122, in listen Shell.listen(self) File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen item.func(*args, **item.kwargs) File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 650, in upload self.pulp.upload(repo_ids, rpm) File "/usr/lib/python2.6/site-packages/rhui/tools/pulp_api.py", line 850, in upload upload_id = self.upload_api.initialize_upload().response_body['upload_id'] File "/usr/lib/python2.6/site-packages/pulp/bindings/upload.py", line 14, in initialize_upload return self.server.POST(url) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 100, in POST log_request_body=log_request_body, ignore_prefix=ignore_prefix) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 166, in _request self._handle_exceptions(response_code, response_body) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 204, in _handle_exceptions raise exceptions.PulpServerException(response_body) PulpServerException: RequestException: POST request on /pulp/api/v2/content/uploads/ failed with 500 - [Errno 13] Permission denied: '/var/lib/pulp/uploads/4c723950-a574-4ecd-a58e-62ad621a40f7' 2016-07-20 20:39:43,993 - Connecting to RHUA [rhua.eu-west-1.compute.internal]... 2016-07-20 20:39:43,997 - Successfully connected to [rhua.eu-west-1.compute.internal] Expected results: A RH repo can be created with Enforcing SELinux.
Based on the output of semodule -l, it appears the rh-rhua selinux policy is not getting loaded on RHEL-6 environments. RHEL-6: RHEL-7: remotelogin 1.7.0 │remotelogin 1.8.0 rhcs 1.1.0 │rh-rhua 0.1.12.1 rhev 1.0 │rhcs 1.2.1 This is due to a requires issue for 'type_unreserved_port_t', which didn't get created for selinux till after RHEL-6 was released.
on RHEL6 iso 20160727 The following products will be deployed: Beta RHEL RHUI Everything 7 Debug Proceed? (y/n) y >> semodule -l | grep rh rh-rhua 0.1.13.1 rhcs 1.1.0 rhev 1.0 rhgb 1.9.0 rhnsd 1.0.0 rhsmcertd 1.0.0 userhelper 1.5.0 >> getenforce Enforcing >> adding RH repo: Importing Beta RHEL RHUI Everything 7 Debug... Importing product repository Beta RHEL RHUI Everything 7 Debug (x86_64)... Failed to create the beta-rhel-rhui-everything-7-debug-x86_64 repository for the following reason: HTTP 500 [Errno 13] Permission denied: '/var/lib/pulp/importers'. >> less /var/log/httpd/pulp-https_access_ssl.log 10.86.173.111 - - [28/Jul/2016:07:27:14 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-" 10.86.173.111 - - [28/Jul/2016:07:28:00 -0400] "GET /pulp/api/v2/repo_groups/redhat/ HTTP/1.1" 404 385 "-" "-" 10.86.173.111 - - [28/Jul/2016:07:28:17 -0400] "GET /pulp/api/v2/repositories/ HTTP/1.1" 200 752 "-" "-" 10.86.173.111 - - [28/Jul/2016:07:28:17 -0400] "POST /pulp/api/v2/repositories/ HTTP/1.1" 500 2958 "-" "-" 10.86.173.111 - - [28/Jul/2016:07:45:51 -0400] "PUT /pulp/api/v2/users/admin/ HTTP/1.1" 200 160 "-" "-" 10.86.173.111 - - [28/Jul/2016:07:46:02 -0400] "POST /pulp/api/v2/actions/login/ HTTP/1.1" 200 1926 "-" "-" No error is displayed in ./.rhui/rhui.log --------------------------------------------------- with Permissive SELinux, evrth is ok: The following products will be deployed: Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS) Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS) Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI Red Hat Storage 2 VSA Beta (RPMs) from RHUI Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI Red Hat Storage 2.0 (RPMs) for RHUI Proceed? (y/n) y Importing Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS)... Importing product repository Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS) (x86_64)... Importing Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS)... Importing product repository Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS) (x86_64)... Importing Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI... Importing product repository Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI (x86_64)... Importing Red Hat Storage 2 VSA Beta (RPMs) from RHUI... Importing product repository Red Hat Storage 2 VSA Beta (RPMs) from RHUI (x86_64)... Importing Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI... Importing product repository Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI (x86_64)... Importing Red Hat Storage 2.0 (RPMs) for RHUI... Importing product repository Red Hat Storage 2.0 (RPMs) for RHUI (x86_64)... Content will not be downloaded to the newly imported repositories until the next sync is run. ------------------------------------------------------------------------------ rhui (repo) => l Custom Repositories protected_repo1 unprotected_repo1 Red Hat Repositories Red Hat Storage 2 VSA Beta (Debug RPMs) from RHUI (x86_64) Red Hat Storage 2 VSA Beta (RPMs) from RHUI (x86_64) Red Hat Storage 2 VSA Beta (Source RPMs) from RHUI (x86_64) Red Hat Storage 2.0 (RPMs) for RHUI (x86_64) Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (RPMS) (x86_64) Red Hat Enterprise Linux Update Infrastructure VSA RHEL 6.1 (SRPMS) (x86_64)
RH repo creation works fine on RHEL6 and RHEL7 ISOes 20160823, checked for NFS and Gluster On RHEL6.8, Gluster: Enter value (1-196) to toggle selection, 'c' to confirm selections, or '?' for more commands: 123-124 Select the product repositories to be deployed to the RHUI (only undeployed products are displayed): .... The following product repositories will be deployed: RHUI RHEL 6 (resilientstorage debug) RHUI RHEL 6 (resilientstorage debug) (6Server-i386) (Yum) RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64) (Yum) Proceed? (y/n) y Importing product repository RHUI RHEL 6 (resilientstorage debug) (6Server-i386)... Importing product repository RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64)... Content will not be downloaded to the newly imported repositories until the next sync is run. ------------------------------------------------------------------------------ rhui (repo) => l Custom Repositories protected_repo1 unprotected_repo1 Red Hat Repositories RHUI RHEL 6 (resilientstorage debug) (6Server-i386) RHUI RHEL 6 (resilientstorage debug) (6Server-x86_64)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0367