removing master patch as stable/queens patch is landed
When deploying OSP13 2018-03-29.1, I get a deployment failure at Step1: "Notice: /Stage[main]/Tripleo::Certmonger::Ca::Crl/Exec[tripleo-ca-crl-process-command]: Dependency File[tripleo-ca-crl] has failures: true", Which apparently is due to a SELinux denial: [root@compute-1 ~]# /usr/bin/getcert list -i libvirt-vnc-server-cert Number of certificates and requests being tracked: 4. Request ID 'libvirt-vnc-server-cert': status: NEED_CA_CERT_SAVE_PERMS stuck: yes key pair storage: type=FILE,location='/etc/pki/libvirt-vnc/server-key.pem' certificate: type=FILE,location='/etc/pki/libvirt-vnc/server-cert.pem' CA: IPA issuer: subject: expires: unknown pre-save command: post-save command: "systemctl reload libvirtd" track: yes auto-renew: yes [root@compute-1 ~]# grep -i denied /var/log/audit/audit.log type=AVC msg=audit(1522743223.463:133): avc: denied { create } for pid=15813 comm="certmonger" name="vnc.crt" scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086