Description of problem:
When I try to start Pulp's Qpid broker with allowed SSL connections it can't connect to the port. Default port for the QPIDD SSL communication is 5674. As recommended by sealert, semanage port -a -t amqp_port_t -p tcp 5674 did the trick.

Version-Release number of selected component (if applicable):
katello-0.1.230

How reproducible:
Always

Steps to Reproduce:
# add qpid-broker private key file to the nss db
openssl rand -base64 24 > /etc/katello/pk12_password-file
openssl pkcs12 -in /etc/pki/tls/certs/qpid-broker.crt -inkey /etc/pki/tls/private/qpid-broker.key -export -out broker.pfx -password "file:/etc/katello/pk12_password-file"
pk12util -i broker.pfx -d /etc/pki/katello/nssdb/ -w /etc/katello/pk12_password-file -k /etc/katello/nss_db_password-file

# install the missing qpid ssl packages
yum install -y qpid-cpp-client-ssl qpid-cpp-server-store qpid-cpp-server-ssl

# fix the QPID configuration
cat >> /etc/qpidd.conf <<EOF
require-encryption=yes
ssl-require-client-authentication=yes
ssl-port=5674
ssl-cert-db=/etc/pki/katello/nssdb
ssl-cert-password-file=/etc/katello/nss_db_password-file
ssl-cert-name=broker
EOF

# Make sure /etc/pki/katello/nssdb and its content and /etc/katello/nss_db_password-file are readable by the qpidd user, otherwise qpidd won't start

# restart qpidd
service qpidd restart
lsof -i -P |grep qpidd

Actual results:
qpidd 20522 qpidd 11u IPv4 1606688 0t0 TCP *:5672 (LISTEN)

Additional info:
You can get the expected results by turning selinux permissive or running
semanage port -a -t amqp_port_t -p tcp 5674

Expected results:
qpidd 20522 qpidd 11u IPv4 1606688 0t0 TCP *:5672 (LISTEN)
qpidd 20522 qpidd 14u IPv4 1606689 0t0 TCP *:5674 (LISTEN)

Until the policy is delivered in Pulp, we will add a semanage call into our installer.
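
Added example, not part of the original bug report and not the Katello installer's code: one way an installer step could apply the semanage call from the report idempotently, by reading ssl-port from qpidd.conf and checking `semanage port -l` before adding the amqp_port_t label. The function names and the sample port listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent SELinux label check for the qpidd SSL port.

# Print the last ssl-port value found in a qpidd.conf-style file.
ssl_port_from_conf() {
    sed -n 's/^[[:space:]]*ssl-port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Read `semanage port -l` output on stdin; succeed if PROTO/PORT is covered
# by TYPE, either as a single port or inside a lo-hi range.
port_has_type() {  # usage: port_has_type TYPE PROTO PORT
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                r = $i; sub(/,$/, "", r)      # entries are comma-separated
                split(r, b, "-")
                lo = b[1] + 0; hi = (b[2] == "" ? lo : b[2] + 0)
                if (n + 0 >= lo && n + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# Label the configured SSL port only when it is not labelled yet (needs root).
ensure_amqp_label() {  # usage: ensure_amqp_label /etc/qpidd.conf
    port=$(ssl_port_from_conf "$1")
    [ -n "$port" ] || { echo "no ssl-port in $1" >&2; return 2; }
    if semanage port -l | port_has_type amqp_port_t tcp "$port"; then
        echo "tcp/$port already labelled amqp_port_t"
    else
        semanage port -a -t amqp_port_t -p tcp "$port"
    fi
}

# Constructed sample of `semanage port -l` output for an offline check.
sample_port_list() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number
amqp_port_t                    tcp      5671-5672
amqp_port_t                    udp      5671-5672
http_port_t                    tcp      80, 81, 443, 488, 8008
EOF
}

sample_port_list | port_has_type amqp_port_t tcp 5674 ||
    echo "tcp/5674 is not labelled amqp_port_t in the sample"
```

On a real host, `ensure_amqp_label /etc/qpidd.conf` run as root performs the check against the live policy instead of the sample.
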
No, it's not done yet; those are just links to the RHUI tree.
This bug was solved and pushed. Was also fixing this issue. https://bugzilla.redhat.com/show_bug.cgi?id=761314
QA Verified.
qpidd 1747 qpidd 10u IPv4 13449 0t0 TCP *:5672 (LISTEN)
qpidd 1747 qpidd 13u IPv4 13450 0t0 TCP *:5674 (LISTEN)
qpidd 1747 qpidd 15u IPv4 13651 0t0 TCP deploy12.rdu.redhat.com:5674->deploy12.rdu.redhat.com:46447 (ESTABLISHED)

rather -
[root@deploy12 ~]# lsof -i -P |grep qpidd
qpidd 7350 qpidd 10u IPv4 35272 0t0 TCP *:5672 (LISTEN)
qpidd 7350 qpidd 13u IPv4 35273 0t0 TCP *:5674 (LISTEN)