Description of problem: Satellite-5.3.0-RHEL5-re20090403.2-i386-embedded-oracle.iso Monitoring, scout config push never completes if SELinux is enforcing. The *very* odd thing is that nothing is logged to the audit.log, so I guess it may *not* be a denial problem. This is an odd bug and I am not quite sure what exactly is going on. recreate: Turn SELinux to permissive: setup monitoring: Server: 1. Login as Sat admin 2. Enable Monitoring, under Admin -> Spacewalk/RHN Configuration, check Enable Monitoring, click Update 3. Enable Monitoring Scout, under Admin -> Spacewalk/RHN Configuration -> Monitoring, check Enable Monitoring Scout, click Update Config 4. Restart Spacewalk/RHN Satellite 5. Make sure /etc/init.d/Monitoring is started 6. From the server, su - nocpulse, scp the .ssh/nocpulse-identity.pub root@client:/tmp 7. This same key can also be found at Monitoring -> Scout Config Push -> RHN Monitoring Satellite Client: 5. Register a client, enable monitoring on the client 6. Alter system channel membership to include RHN Network Tools 7. Install rhnmd package on client and do service rhnmd start. 8. On the client, su - nocpulse, cat /tmp/nocpulse-identity.pub >> /opt/nocpulse/.ssh/authorized_keys 8.1 (SAT 5.3 CHANGE) On the client, su - nocpulse, cat /tmp/nocpulse-identity.pub >> /var/lib/nocpulse/.ssh/authorized_keys 9. restart the rhnmd, /etc/init.d/rhnmd restart 10. Go into the webui and push the scout config. should work successfully. Now: Turn SELinux back on to enforcing 11. push the scout config again. Results: The scout config push never completes AND Nothing is logged to audit.log very odd... Expected Results: Either the scout config push works, OR we get a denial or message in audit.log
Jan, can you please investigate this issue? I know that some events are not logged to audit.log, can you elaborate it?
If there is nothing in audit.log, it's unlikely to be SELinux related.
I just tried Scout push with spacewalk-monitoring-selinux-0.6.2-1 which fixes a couple of true SELinux bugs, and the push proceeds just fine, adding new probe, and the probe then starts to show the current state. Please advise if you want the bugzilla back for general investigation or monitoring oddity, or if I should just move it ON_QA.
OK. Please can you tried it again with new ISO? Jan - you can move it on ON_QA once new ISO will rolled out.
Moving ON_QA, with the latest ISO Satellite-5.3.0-RHEL?-re20090414.0.
NICE!!!! monitoring is working.. verified :)
this is failing in 5/29 build..
Created attachment 346243 [details] audit.log
This should have been fixed by my commit 249f66e71268a8f05ee376c989a51d1cdc719bce in https://bugzilla.redhat.com/show_bug.cgi?id=498611#c4
compose 20090612 moving ON_QA
verified 6/12.1 1 - 1 of 1 (0 selected) Config Status Scout Name Last Request Completed Ok RHN Satellite Monitoring Scout 2009-06-15 04:14:19 PM EDT 2009-06-15 04:15:18 PM EDT
Verified in stage -> RELEASE_PENDING
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html