Hide Forgot
Description of problem: When publishing CV on puppet4 Satellite it fails with PLP0034: The distributor Default_Organization-Library-RHEL_7_2_Server_x86_64 indicated a failed response when publishing repository Default_Organization-Library-RHEL_7_2_Server_x86_64 In task detail we have Actions::Pulp::Repository::DistributorPublish failed to create destination directory: [Errno 13] Permission denied: '/etc/puppetlabs/code/environments/KT_Default_Organization_Library_RHEL_7_2_Server_x86_64_2/' It is caused by SELinux. Puppet4 has environments in different location and we have to adjust Selinux policy to cope with it. Version-Release number of selected component (if applicable): 6.3.0 snap3 (with manually pre-installed puppet4) How reproducible: always Steps to Reproduce: 1. Have satellite running on puppet4 2. Create CV with repos and Publish it. Actual results: Selinux policy prevents publish task to succeed Expected results: Publish task successfully finishes Additional info: workaround is to set selinux perms manually # semanage fcontext -a -t puppet_etc_t '/etc/puppetlabs(/.*)?' # restorecon -rv /etc/puppetlabs
Satellite doesnt use puppet-selinux and relies on rhel policy. And the required selinux policy change was added for RHEL7.3: # bkrsh semanage fcontext -l | grep puppet_etc_t /etc/puppet(/.*)? all files system_u:object_r:puppet_etc_t:s0 /etc/puppetlabs(/.*)? all files system_u:object_r:puppet_etc_t:s0 <<< this was added >>> /etc/puppetlabs/ has set puppet_etc_t type
RHEL7.3 policy was fixed by BZ #1369938
RHEL6.8 policy will be fixed by BZ #1386181 (cloned) Or it could be RHEL6.9 policy - it depends on Satellite6.3 GA
Tentatively closing as RHEL provides this policy in all Satellite supported versions. Please reopen and set a needinfo on me or lzap if it needs anything else done on our side.