Hide Forgot
Description of problem: Add a rule in Pulp's SELinux policy to label 5674 Recommended: semanage port -a -t amqp_port_t -p tcp 5674
committed to pulp master e179da00b6371dea063c61ac35f0e409f0084bc0
build: 0.267
qpidd (which is what needs port 5674) is not configured to be running over SSL by default with Pulp. It is left as an exercise to the end user to setup qpidd over SSL, and write your own SELinux policy so that it will actually work. That being said, I think writing out a test plan and documenting that would be a significant effort that doesn't really need to block v1 at this point. We have a plan to document this process better on the wiki and draw attention to it so that users will know how to do it. For now, a simple verification that the port got labelled correctly will be sufficient. You can run: # semanage port -l | grep amqp amqp_port_t tcp 5674, 5671, 5672 amqp_port_t udp 5674, 5671, 5672 The output should show that 5674 has been labelled amqp_port_t as it does above. Note: You may need to install the policycoreutils-python package which provides semanage.
looks like 5674 is missing on my rhel6 pulp box [root@katello-test ~]# semanage port -l | grep amqp amqp_port_t tcp 5671, 5672 amqp_port_t udp 5671, 5672 [root@katello-test ~]# rpm -qa |grep pulp m2crypto-0.21.1.pulp-7.el6.x86_64 python-oauth2-1.5.170-2.pulp.el6.noarch pulp-common-0.0.267-2.el6.noarch mod_wsgi-3.3-3.pulp.el6.x86_64 pulp-client-lib-0.0.267-2.el6.noarch pulp-selinux-server-0.0.267-1.el6.noarch pulp-0.0.267-2.el6.noarch pulp-admin-0.0.267-2.el6.noarch
Can you try updating pulp-selinux-server and see if that fixes it? pulp-selinux-server-0.0.267-2 is available in the v1 repos, I'm not sure why you don't already have it.
verified updating pulp-linux-server fixed the issue [root@katello-test ~]# yum update pulp-selinux-server Loaded plugins: rhnplugin This system is not registered with RHN. RHN Satellite or RHN Classic support will be disabled. Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package pulp-selinux-server.noarch 0:0.0.267-1.el6 will be updated ---> Package pulp-selinux-server.noarch 0:0.0.267-2.el6 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: pulp-selinux-server noarch 0.0.267-2.el6 pulp-v1-testing 38 k Transaction Summary ================================================================================ Upgrade 1 Package(s) Total download size: 38 k Is this ok [y/N]: y Downloading Packages: pulp-selinux-server-0.0.267-2.el6.noarch.rpm | 38 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : pulp-selinux-server-0.0.267-2.el6.noarch 1/2 Enabling port 5674 for qpidd Cleanup : pulp-selinux-server-0.0.267-1.el6.noarch 2/2 Updated: pulp-selinux-server.noarch 0:0.0.267-2.el6 Complete! [root@katello-test ~]# [root@katello-test ~]# semanage port -l | grep amqp amqp_port_t tcp 5674, 5671, 5672 amqp_port_t udp 5674, 5671, 5672 [root@katello-test ~]#
Pulp v1.0 is released Closed Current Release.
Pulp v1.0 is released.