Bug 855351 - aeolus-configure fails to complete on base RHEL 6.2
aeolus-configure fails to complete on base RHEL 6.2
Status: CLOSED ERRATA
Product: CloudForms Cloud Engine
Classification: Red Hat
Component: aeolus-configure (Show other bugs)
1.1.0
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: John Eckersberg
Giulio Fidente
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-07 09:46 EDT by Brett Thurber
Modified: 2012-12-04 10:18 EST (History)
4 users (show)

See Also:
Fixed In Version: aeolus-configure-2.8.6-1.el6cf
Doc Type: Bug Fix
Doc Text:
aeolus-configure previously set SELinux Boolean values with exec setsebool, which led to timeouts. This fix replaces the exec with Puppet's selboolean type method. This provides a successful setting of SELinux Boolean values without timeouts.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-12-04 10:18:42 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/var/log/* (140.29 KB, application/x-compressed-tar)
2012-09-07 09:46 EDT, Brett Thurber
no flags Details
stdout from install and configure (73.58 KB, application/octet-stream)
2012-09-07 09:52 EDT, Brett Thurber
no flags Details

  None (edit)
Description Brett Thurber 2012-09-07 09:46:29 EDT
Created attachment 610720 [details]
/var/log/*

Description of problem:
aeolus-configure fails to complete with base RHEL 6.2 install.

Version-Release number of selected component (if applicable):
CF - 1.0.1
RHEL - 6.2

How reproducible:
Every time

Steps to Reproduce:
1.  Install RHEL 6.2
2.  Install aeolus-all
3.  Run aeolous-configure
  
Actual results:
aeolus-configure fails to complete.

Expected results:
aeolus-configure completes without error.

Additional info:
RHEL 6.3 works fine however is not officially supported.  There is no clear way to confine a RHEL 6.2 system to particular updates to support CF 1.0.1.
Comment 1 Brett Thurber 2012-09-07 09:52:04 EDT
Created attachment 610723 [details]
stdout from install and configure
Comment 3 John Eckersberg 2012-09-07 13:03:28 EDT
aeolus-configure enables the selinux boolean httpd_can_network_connect, since it uses httpd+mod_proxy as a frontend for the aeolus-conductor daemon.

aeolus-configure currently does this by using the Exec type with the setsebool command directly.  The Exec type has a default timeout of 300 seconds.  I have seen instances where the setsebool command can take longer than 300 seconds[1], and that seems to be the case in this instance.  From the provided stdout log:

err: /Stage[main]/Apache/Exec[permit-http-networking]/returns: change from notrun to 0 failed: Command exceeded timeout at /usr/share/aeolus-configure/modules/apache/manifests/init.pp:32

A 6.3 erratum probably addresses the root cause of setsebool being slow, which is why this would work on 6.3 but not on 6.2.

In any case, we really shouldn't be using Exec to call setsebool; puppet has a Selboolean type that is better suited.  Also, the Selboolean provider doesn't time out, so if this behavior is encountered then configure should still work properly, albeit slowly.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=811656 is a Fedora bug, but I suspect it might be applicable in this case as well.
Comment 5 Steve Reichard 2012-09-07 13:50:02 EDT
FYI,

We ahve only seen this when we install CF on 6.2GA that has teh update repo available.   If we do a yum update before the install of CF, it works.  The issue being the update brings the system to 6.2 and it is not cler if this is supported.

Earlier installs (pre-6.3), I always did the yum update and did not see this issue.

spr
Comment 6 Steve Reichard 2012-09-10 08:53:21 EDT
typos in comment 5,

Try again -


We have only seen this when we install CF on 6.2GA that has the update repo available. If we do a yum update before the install of CF, it works, and we dont' see the problem. The issue being that the update brings the system to 6.3 and it is not clear if this is supported.

Earlier installs (pre-6.3), I always did the yum update and did not see this issue.
Comment 7 John Eckersberg 2012-09-10 13:49:28 EDT
on 1.1 as commit 9ec8679
Comment 9 Giulio Fidente 2012-09-18 17:18:04 EDT
works for me as aeolus-configure-2.8.6-1.el6cf

[root@qeblade22 ~]# rpm -qa | grep aeolus-configure
aeolus-configure-2.8.6-1.el6cf.noarch
[root@qeblade22 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.2 (Santiago)
[root@qeblade22 ~]#
Comment 11 errata-xmlrpc 2012-12-04 10:18:42 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1516.html

Note You need to log in before you can comment on or make changes to this bug.