Description of problem: when trying to install RHOS 13, undercloud installation fails. Version-Release number of selected component (if applicable): 2018-01-03.2 (current latest) How reproducible: try installing undercloud Steps to Reproduce: 1. 2. 3. Actual results: 2018-01-09 07:35:42,632 INFO: find: '/home/.ssh/': No such file or directory 2018-01-09 07:35:42,633 INFO: + selinux_wrong_permission= 2018-01-09 07:35:42,634 INFO: [2018-01-09 07:35:42,633] (os-refresh-config) [ERROR] during post-configure phase. [Command '['dib-run-parts', '/usr/libexec/os-refresh-config/post-configure.d']' returned non-zero exit status 1] 2018-01-09 07:35:42,634 INFO: 2018-01-09 07:35:42,634 INFO: [2018-01-09 07:35:42,633] (os-refresh-config) [ERROR] Aborting... 2018-01-09 07:35:42,640 DEBUG: An exception occurred Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 1875, in install _run_orc(instack_env) File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 1391, in _run_orc _run_live_command(args, instack_env, 'os-refresh-config') File "/usr/lib/python2.7/site-packages/instack_undercloud/undercloud.py", line 606, in _run_live_command raise RuntimeError('%s failed. See log for details.' % name) RuntimeError: os-refresh-config failed. See log for details. 2018-01-09 07:35:42,641 ERROR: ############################################################################# Undercloud install failed. Reason: os-refresh-config failed. See log for details. See the previous output for details about what went wrong. The full install log can be found at /home/stack/.instack/install-undercloud.log. ############################################################################# Expected results: Undercloud installs successfully Additional info: [root@undercloud-0 audit]# sealert -a audit.log 100% done found 1 alerts in audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/lib64/erlang/erts-7.3.1.4/bin/inet_gethost from read access on the file unix. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that inet_gethost should be allowed read access on the unix file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'inet_gethost' --raw | audit2allow -M my-inetgethost # semodule -i my-inetgethost.pp Additional Information: Source Context system_u:system_r:rabbitmq_t:s0 Target Context system_u:object_r:proc_net_t:s0 Target Objects unix [ file ] Source inet_gethost Source Path /usr/lib64/erlang/erts-7.3.1.4/bin/inet_gethost Port <Unknown> Host <Unknown> Source RPM Packages erlang-erts-18.3.4.7-1.el7ost.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name undercloud-0.redhat.local Platform Linux undercloud-0.redhat.local 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Dec 28 14:23:39 EST 2017 x86_64 x86_64 Alert Count 2 First Seen 2018-01-09 07:26:30 EST Last Seen 2018-01-09 07:26:32 EST Local ID 834df1a6-4978-4987-ae91-57e399ddd7bb Raw Audit Messages type=AVC msg=audit(1515500792.651:615): avc: denied { read } for pid=13941 comm="inet_gethost" name="unix" dev="proc" ino=4026532003 scontext=system_u:system_r:rabbitmq_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=SYSCALL msg=audit(1515500792.651:615): arch=x86_64 syscall=access success=no exit=EACCES a0=7ffef354f880 a1=4 a2=7ffef354f88e a3=3 items=0 ppid=13940 pid=13941 auid=4294967295 uid=996 gid=993 euid=996 suid=996 fsuid=996 egid=993 sgid=993 fsgid=993 tty=(none) ses=4294967295 comm=inet_gethost exe=/usr/lib64/erlang/erts-7.3.1.4/bin/inet_gethost subj=system_u:system_r:rabbitmq_t:s0 key=(null) Hash: inet_gethost,rabbitmq_t,proc_net_t,file,read setting selinux to permissive allows to pass this stage.
Latest puddle (2018-02-07.4) installs undercloud successfully.
No doc text required.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086