[Pulp-list] [E] Re: Receiving error when trying to publish any rpm repo.

Mcnabb, Dustin dustin.mcnabb at verizon.com
Wed Nov 9 20:28:26 UTC 2016 

Brian –


Thanks for your response. You are right that I don’t seem to have the selinux-policy-devel package. Although I do have a number of seemingly related packages, but I don’t need nor intend to use selinux on this particular test server.  I tried getenforce again with the same result. I also provided the instructions from 2326 that I followed below. Another interesting aspect of this issue: I rebooted the box to ensure that selinux was in fact disabled, which it was, but I noticed that my first publish attempt is actually partially successful. All subsequent attempts fail immediately. This also happens by just restarting the pulp services. You don't have to reboot. In discussing this with Sean Meyers it seems I have a variant of https://pulp.plan.io/issues/2387 that doesn’t depend on selinux being enabled. I have been told they are working on a hotfix for that. At this point I am just wondering if it is possible to revert to 2.10 while I wait for the full solution in 2.10.2. Thanks.

[root at pulp-server:~]# getenforce
Disabled
[root at pulp-server:~]# rpm -qa |grep -i selinux
selinux-policy-targeted-3.7.19-292.el6.noarch
libselinux-2.0.94-7.el6.i686
libselinux-ruby-2.0.94-7.el6.x86_64
libselinux-devel-2.0.94-7.el6.x86_64
selinux-policy-3.7.19-292.el6.noarch
libselinux-python-2.0.94-7.el6.x86_64
libselinux-2.0.94-7.el6.x86_64
pulp-selinux-2.10.1-1.el6.noarch
libselinux-utils-2.0.94-7.el6.x86_64

# Instructions I followed from 2326. I also rebooted this test machine for good measure.
$ getenforce
Enforcing
$ setenforce 0
$ echo > /var/log/audit/audit.log
$ semodule -R

From: Brian Bouterse [mailto:bbouters at redhat.com]
Sent: Wednesday, November 09, 2016 11:41 AM
To: Mcnabb, Dustin
Cc: pulp-list at redhat.com
Subject: [E] Re: [Pulp-list] Receiving error when trying to publish any rpm repo.

Hi Dustin,
I believe the 2.10.2 and 2.11 GA releases allow you to upgrade from 2.10.1. If you can't restore from backups onto a fresh 2.10.0 GA install, I would recommend upgrading to the 2.10.2 once that is GA. You could also try the 2.10.2 beta or 2.11 beta.
You're showing what looks like an SELinux error, but sestatus shows disabled. Does audit.log also show errors when your publish fails? Also what does `sudo getenforce` show? It would be good to confirm that SELinux is really not set to "Enforcing" on your system.
You mention you applied the fix from 2326. What changes did you make in that area?
Also regarding the /etc/selinux/targeted/policy/policy.24 stuff, maybe you are missing the selinux-policy-devel package?
-Brian


On Tue, Nov 8, 2016 at 1:53 PM, Mcnabb, Dustin <dustin.mcnabb at verizon.com<mailto:dustin.mcnabb at verizon.com>> wrote:
So I upgraded to 2.10.1 and managed to get past the failing db migration, but now I am finding I can't even publish a repo, and I suspect other issues might exist. I have documented my troubleshooting steps below, and I verified these issues don't exist on another pulp server running 2.10.0. Ultimately, I am wondering if I can revert to 2.10.0 cleanly, or if I need to upgrade to a beta version and whether that should be 2.10.2 or 2.11.0 Beta 2?

[root at pulp-server]# pulp-admin rpm repo publish run --repo-id redhat-6-x86_64-os
+----------------------------------------------------------------------+
               Publishing Repository [redhat-6-x86_64-os]
+----------------------------------------------------------------------+

This command may be exited via ctrl+c without affecting the request.


Initializing repo metadata
[-]
... completed

Publishing Distribution files
[-]
... completed

Publishing RPMs
[==================================================] 100%
4023 of 4023 items
... completed

Publishing Delta RPMs
... skipped

Publishing Errata
[==================================================] 100%
3712 of 3712 items
... completed

Publishing Comps file
[==================================================] 100%
213 of 213 items

Task Failed

[Errno 1] Operation not permitted


Nov  8 15:56:02 pulp-server pulp: pulp.server.async.tasks:INFO: Task failed : [17ecfada-b3a3-42cc-a2b1-74aec4fc9231]
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) Task pulp.server.managers.repo.publish.publish[id] raised unexpected: OSError(1, 'Operation not permitted')
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) Traceback (most recent call last):
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/celery/app/trace.py", line 240, in trace_task
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     R = retval = fun(*args, **kwargs)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 488, in __call__
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     return super(Task, self).__call__(*args, **kwargs)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 103, in __call__
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     return super(PulpTask, self).__call__(*args, **kwargs)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/celery/app/trace.py", line 437, in __protected_call__
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     return self.run(*args, **kwargs)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1095, in publish
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     result = check_publish(repo_obj, dist_id, dist_inst, transfer_repo, conduit, call_config)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1187, in check_publish
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     result = _do_publish(repo_obj, dist_id, dist_inst, transfer_repo, conduit, call_config)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1239, in _do_publish
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     publish_report = publish_repo(transfer_repo, conduit, call_config)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 673, in wrap_f
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     return f(*args, **kwargs)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp_rpm/plugins/distributors/yum/distributor.py", line 174, in publish_repo
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     return self._publisher.process_lifecycle()
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 566, in process_lifecycle
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     super(PluginStep, self).process_lifecycle()
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 163, in process_lifecycle
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     step.process()
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 253, in process
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     self._process_block()
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 297, in _process_block
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     self.process_main()
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 905, in process_main
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     selinux.restorecon(timestamp_master_dir.encode('utf-8'), recursive=True)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)   File "/usr/lib64/python2.6/site-packages/selinux/__init__.py", line 83, in restorecon
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832)     lsetfilecon(path, context)
Nov  8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) OSError: [Errno 1] Operation not permitted

# I confirmed that selinux is disabled on this test server
[root at pulp-server:~]# sestatus
SELinux status:                 disabled

# I tried running restorecon recursively as root as described here
https://www.redhat.com/archives/pulp-list/2016-May/msg00054.html

# There was no stdout or stderr, and it had no affect on the problem.
[root at pulp-server:pulp]# restorecon -R /etc/pki/pulp

# Running pulp 2.10.1 I tried the fix documented here
https://pulp.plan.io/issues/2326

# I got this error and publish still fails with same error.

[root at pulp-server:~]# semodule -R
SELinux:  Could not downgrade policy file /etc/selinux/targeted/policy/policy.24, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.24:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).

# The policy.24 files does in fact exist despite the error to the contrary
[root at pulp-server:~]# ls -al /etc/selinux/targeted/policy/policy.24
-rw-r--r-- 1 root root 8424080 Oct 28 19:31 /etc/selinux/targeted/policy/policy.24
Dustin

_______________________________________________
Pulp-list mailing list
Pulp-list at redhat.com<mailto:Pulp-list at redhat.com>
https://www.redhat.com/mailman/listinfo/pulp-list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20161109/dc6bb087/attachment.htm>

More information about the Pulp-list mailing list