Bug 1659678 - Grafana unable to fetch data after updating graphite-web to 1.x.x
Summary: Grafana unable to fetch data after updating graphite-web to 1.x.x
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: web-admin-tendrl-selinux
Version: rhgs-3.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: RHGS 3.4.z Batch Update 3
Assignee: Timothy Asir
QA Contact: Daniel Horák
URL:
Whiteboard:
Keywords: ZStream
Depends On:
Blocks: 1658702
TreeView+ depends on / blocked
 
Reported: 2018-12-15 03:29 UTC by gowtham
Modified: 2019-02-04 07:44 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-02-04 07:43:46 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:0265 None None None 2019-02-04 07:44 UTC

Description gowtham 2018-12-15 03:29:40 UTC
Description of problem:
After upgrading graphite-web 0.x.x to graphite 1.x.x no monitoring data populated in grafana dashboard. But if I switch SELinux to permissive mode then I can see all monitoring data in grafana dashboard.
 

Version-Release number of selected component (if applicable):


How reproducible:
100% with graphite-web 1.x.x

Steps to Reproduce:
1. update packages to:
     graphite-web-1.1.4-1.el7rhgs.noarch.rpm
     python-cachetools-1.0.3-1.el7.noarch.rpm
     python-carbon-1.1.4-1.el7rhgs.noarch.rpm
     python-django-tagging-0.4.6-1.el7rhgs.noarch.rpm
     python-scandir-1.3-1.el7rhgs.x86_64.rpm
     python-whisper-1.1.4-1.el7rhgs.noarch.rpm
     python2-django-1.11.15-1.el7rhgs.noarch.rpm
2. run tendrl-upgrade script to initialize graphite-db
3. reboot the tendrl-server
4. Open grafana dashbaord, it won't show any monitoring data
5. type: setenforce 0
6. then all monitoring-data will present in grafana

Actual results:
Grafana dashboard not showing any data when SELinux is in enforcing 

Expected results:
grafana should show data when SELinux is in enforcing 

Additional info:

Comment 2 Timothy Asir 2018-12-17 05:11:55 UTC
It failed to show the graphical data due to denied access for the link files by the selinux.
The following are the selinux log:

type=AVC msg=audit(1544435268.923:7161): avc:  denied  { read } for  pid=5701 comm="httpd" name="7167366d-26be-4bd5-9662-d6e6fc798480" dev="vda1" ino=923681 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:carbon_var_lib_t:s0 tclass=lnk_file permissive=0

Fix patch sent to upstream: https://github.com/Tendrl/tendrl-selinux/pull/11

Comment 3 Martin Bukatovic 2018-12-17 12:29:45 UTC
This change is necessary because of BZ 1658702. It will be tested via regression testing for update and installation scenarios.

Comment 6 Daniel Horák 2019-01-11 13:57:00 UTC
Tested on both freshly installed (RHGS WA 3.4.3) and updated (from RHGS WA
3.4.2 to 3.4.3) cluster.

Monitoring data are available on the dashboards as expected.

No AVC denial message related to httpd is in audit.log

# cat  /var/log/audit/audit.log | grep AVC | grep httpd 
# 

Versions of related packages:
  carbon-selinux-1.5.4-3.el7rhgs.noarch
  graphite-web-1.1.4-1.el7rhgs.noarch
  python2-django-1.11.15-1.1.el7rhgs.noarch
  python-cachetools-1.0.3-1.1.el7rhgs.noarch
  python-carbon-1.1.4-1.el7rhgs.noarch
  python-django-tagging-0.4.6-1.el7rhgs.noarch
  python-scandir-1.3-1.el7rhgs.x86_64
  python-whisper-1.1.4-1.el7rhgs.noarch
  tendrl-ansible-1.6.3-11.el7rhgs.noarch
  tendrl-api-1.6.3-8.el7rhgs.noarch
  tendrl-api-httpd-1.6.3-8.el7rhgs.noarch
  tendrl-commons-1.6.3-14.el7rhgs.noarch
  tendrl-grafana-plugins-1.6.3-18.el7rhgs.noarch
  tendrl-grafana-selinux-1.5.4-3.el7rhgs.noarch
  tendrl-monitoring-integration-1.6.3-18.el7rhgs.noarch
  tendrl-node-agent-1.6.3-13.el7rhgs.noarch
  tendrl-notifier-1.6.3-4.el7rhgs.noarch
  tendrl-selinux-1.5.4-3.el7rhgs.noarch
  tendrl-ui-1.6.3-14.el7rhgs.noarch

>> VERIFIED

Comment 8 errata-xmlrpc 2019-02-04 07:43:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0265


Note You need to log in before you can comment on or make changes to this bug.