Issue #1292
closed
celery NFS selinux issue
Description
Apologies if this is a duplicate, but I could not find an existing ticket for it.
- `rpm -qa | egrep '(pulp|selinux)' | sort`

```
libselinux-2.0.94-5.3.el6_4.1.x86_64
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
mod_wsgi-3.4-2.pulp.el6.x86_64
pulp-admin-client-2.5.3-1.el6.noarch
pulp-docker-admin-extensions-0.2.1-1.el6.noarch
pulp-docker-plugins-0.2.1-1.el6.noarch
pulp-selinux-2.5.3-1.el6.noarch
pulp-server-2.5.3-1.el6.noarch
python-isodate-0.5.0-4.pulp.el6.noarch
python-kombu-3.0.24-5.pulp.el6ui.noarch
python-pulp-bindings-2.5.3-1.el6.noarch
python-pulp-client-lib-2.5.3-1.el6.noarch
python-pulp-common-2.5.3-1.el6.noarch
python-pulp-docker-common-0.2.1-1.el6.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
```
```
Starting pulp_celerybeat...
+ chuid --scheduler=pulp.server.async.scheduler.Scheduler --workdir=/var/lib/pulp/celery/ -f /var/log/pulp/celerybeat.log -l INFO --detach --pidfile=/var/run/pulp/celerybeat.pid
+ su - apache -s /bin/sh -c 'celery beat --scheduler=pulp.server.async.scheduler.Scheduler --workdir=/var/lib/pulp/celery/ -f /var/log/pulp/celerybeat.log -l INFO --detach --pidfile=/var/run/pulp/celerybeat.pid'
Traceback (most recent call last):
  File "/usr/bin/celery", line 9, in <module>
    load_entry_point('celery==3.1.11', 'console_scripts', 'celery')()
  File "/usr/lib/python2.6/site-packages/celery/__main__.py", line 30, in main
    main()
  File "/usr/lib/python2.6/site-packages/celery/bin/celery.py", line 81, in main
    cmd.execute_from_commandline(argv)
  File "/usr/lib/python2.6/site-packages/celery/bin/celery.py", line 769, in execute_from_commandline
    super(CeleryCommand, self).execute_from_commandline(argv)))
  File "/usr/lib/python2.6/site-packages/celery/bin/base.py", line 304, in execute_from_commandline
    argv = self.setup_app_from_commandline(argv)
  File "/usr/lib/python2.6/site-packages/celery/bin/base.py", line 445, in setup_app_from_commandline
    os.chdir(workdir)
OSError: [Errno 13] Permission denied: '/var/lib/pulp/celery/'
+ exit 0
```
- `audit2allow < /var/log/audit/audit.log | grep celery`

```
#============= celery_t ==============
allow celery_t nfs_t:dir search;
allow celery_t var_lib_t:lnk_file read;
```
Updated by bmbouter about 9 years ago
- Status changed from NEW to CLOSED - NOTABUG
- Triaged changed from No to Yes
The NFS mount needs to be configured to use the expected Pulp SELinux label instead of the default nfs_t label. Refer to the clustering guide SELinux section (http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#selinux-requirements) and the NFS docs on how to configure your mount to adhere to these labels. You can apply these labels to your existing files manually using `chcon`.
I'm closing as not a bug. Please send pulp-list e-mail or leave additional comments if it continues to not work.
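
A check for the condition described in the comment above, as an added example that is not part of the original issue or Pulp's own tooling: it finds the mount that holds a path and reports whether an NFS mount lacks a `context=` option, in which case its files carry the default nfs_t label seen in the denial. The mount table, host name, paths and label are constructed, and the path is assumed to be already resolved with `readlink -f`.

```shell
#!/bin/sh
# Added example: report whether PATH sits on an NFS mount that lacks a
# context= option (assumption: such files get the default nfs_t label).
# Usage: nfs_label_check MOUNTS_FILE PATH   (resolve symlinks first: readlink -f)
# Prints "<mountpoint> <fstype> <label source>"; returns 1 if relabeling is needed.
nfs_label_check() {
    mounts=$1 path=$2
    best="" best_type="" best_opts=""
    while read -r _dev mp fstype opts _rest; do
        case "$path/" in
            "${mp%/}/"*)
                # Longest mount point that prefixes PATH wins; ties go to the later line.
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp best_type=$fstype best_opts=$opts
                fi ;;
        esac
    done < "$mounts"
    [ -n "$best" ] || { echo "no mount found for $path"; return 2; }

    # Only a whole context= option counts, not fscontext=/defcontext=/rootcontext=.
    ctx="" wrapped=",$best_opts,"
    case $wrapped in
        *,context=*) ctx=${wrapped#*,context=}; ctx=${ctx%%,*}
                     ctx=${ctx#\"}; ctx=${ctx%\"} ;;
    esac

    case $best_type in
        nfs*)
            if [ -z "$ctx" ]; then
                echo "$best $best_type nfs_t(default)"; return 1
            fi
            echo "$best $best_type $ctx" ;;
        *)  echo "$best $best_type per-file-labels" ;;
    esac
}

# Constructed mount table (hypothetical server, paths and label; not from the report).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
nfs.example.test:/export/pulp /mnt/pulp nfs rw,relatime,vers=3,addr=192.0.2.10 0 0
nfs.example.test:/export/ok /mnt/ok nfs rw,context="system_u:object_r:EXAMPLE_LABEL_t:s0",vers=3 0 0
EOF
nfs_label_check "$sample" /mnt/pulp/celery || echo "-> mount with context=<label from the Pulp guide> or chcon"
```

On a live host, pass `/proc/mounts` and the output of `readlink -f /var/lib/pulp/celery`.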