Issue #1292

closed

celery NFS selinux issue

Added by dgregor@redhat.com over 8 years ago. Updated almost 5 years ago.

Status: CLOSED - NOTABUG
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version: 2.5
Platform Release:
OS: RHEL 6
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint:
Quarter:

Description

Apologies if this is a duplicate, but I could not find an existing ticket for it.

    # rpm -qa | egrep '(pulp|selinux)' | sort
    libselinux-2.0.94-5.3.el6_4.1.x86_64
    libselinux-python-2.0.94-5.3.el6_4.1.x86_64
    libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
    libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
    mod_wsgi-3.4-2.pulp.el6.x86_64
    pulp-admin-client-2.5.3-1.el6.noarch
    pulp-docker-admin-extensions-0.2.1-1.el6.noarch
    pulp-docker-plugins-0.2.1-1.el6.noarch
    pulp-selinux-2.5.3-1.el6.noarch
    pulp-server-2.5.3-1.el6.noarch
    python-isodate-0.5.0-4.pulp.el6.noarch
    python-kombu-3.0.24-5.pulp.el6ui.noarch
    python-pulp-bindings-2.5.3-1.el6.noarch
    python-pulp-client-lib-2.5.3-1.el6.noarch
    python-pulp-common-2.5.3-1.el6.noarch
    python-pulp-docker-common-0.2.1-1.el6.noarch
    selinux-policy-3.7.19-231.el6_5.3.noarch
    selinux-policy-targeted-3.7.19-231.el6_5.3.noarch

Starting pulp_celerybeat...
+ chuid --scheduler=pulp.server.async.scheduler.Scheduler
--workdir=/var/lib/pulp/celery/ -f /var/log/pulp/celerybeat.log -l
INFO --detach --pidfile=/var/run/pulp/celerybeat.pid
+ su - apache -s /bin/sh -c 'celery beat
--scheduler=pulp.server.async.scheduler.Scheduler
--workdir=/var/lib/pulp/celery/ -f /var/log/pulp/celerybeat.log -l
INFO --detach --pidfile=/var/run/pulp/celerybeat.pid'
Traceback (most recent call last):
  File "/usr/bin/celery", line 9, in <module>
    load_entry_point('celery==3.1.11', 'console_scripts', 'celery')()
  File "/usr/lib/python2.6/site-packages/celery/__main__.py", line 30, in main
    main()
  File "/usr/lib/python2.6/site-packages/celery/bin/celery.py", line 81, in main
    cmd.execute_from_commandline(argv)
  File "/usr/lib/python2.6/site-packages/celery/bin/celery.py", line 769, in execute_from_commandline
    super(CeleryCommand, self).execute_from_commandline(argv)))
  File "/usr/lib/python2.6/site-packages/celery/bin/base.py", line 304, in execute_from_commandline
    argv = self.setup_app_from_commandline(argv)
  File "/usr/lib/python2.6/site-packages/celery/bin/base.py", line 445, in setup_app_from_commandline
    os.chdir(workdir)
OSError: [Errno 13] Permission denied: '/var/lib/pulp/celery/'
+ exit 0

    # audit2allow < /var/log/audit/audit.log | grep celery
    #============= celery_t ==============
    allow celery_t nfs_t:dir search;
    allow celery_t var_lib_t:lnk_file read;
Actions #1

Updated by bmbouter over 8 years ago

  • Status changed from NEW to CLOSED - NOTABUG
  • Triaged changed from No to Yes

The NFS mount needs to be configured to use the expected Pulp SELinux label instead of the default nfs_t label. Refer to the clustering guide SELinux section (http://pulp.readthedocs.org/en/latest/user-guide/scaling.html#selinux-requirements) and the NFS docs on how to configure your mount to adhere to these labels. You can apply these labels to your existing files manually using `chcon`.

I'm closing as not a bug. Please send pulp-list e-mail or leave additional comments if it continues to not work.
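Added example, not part of the ticket or of Pulp: a small triage script that reads `audit2allow` output like the one in the description and separates rules whose target is a mount-default type (a labeling problem on the mount, as in the reply above) from rules that need a closer look. The names `MOUNT_DEFAULT_TYPES`, `parse_rules` and `triage` are hypothetical, and including `cifs_t` and `fusefs_t` next to `nfs_t` is a generalization beyond this ticket.

```python
import re
import sys

# Types SELinux assigns to a whole mount when it carries no explicit label.
# nfs_t is the one from this ticket; cifs_t and fusefs_t are an added assumption.
MOUNT_DEFAULT_TYPES = set(["nfs_t", "cifs_t", "fusefs_t"])

# Matches "allow <source> <target>:<class> <perm>;" and "... { p1 p2 };"
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<source>\S+)\s+(?P<target>[^\s:]+):(?P<tclass>\S+)\s+"
    r"(?P<perms>\{[^}]*\}|\S+?)\s*;"
)

def parse_rules(text):
    """Yield (source, target, class, [perms]) for each allow rule."""
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # section headers such as '#==== celery_t ====' and blanks
        perms = m.group("perms").strip("{} ").split()
        yield (m.group("source"), m.group("target"), m.group("tclass"), perms)

def triage(text):
    """Return (relabel, review): mount-labeling findings and everything else."""
    relabel, review = [], []
    for rule in parse_rules(text):
        (relabel if rule[1] in MOUNT_DEFAULT_TYPES else review).append(rule)
    return relabel, review

# Sample input: the two rules from the ticket plus one constructed
# multi-permission rule to exercise the "{ ... }" form.
SAMPLE = """\
#============= celery_t ==============
allow celery_t nfs_t:dir search;
allow celery_t var_lib_t:lnk_file read;
allow celery_t nfs_t:file { read open getattr };
"""

if __name__ == "__main__":
    # Use piped audit2allow output when present, otherwise the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    relabel, review = triage(text)
    for s, t, c, p in relabel:
        # Fix the label on the mount; do not load this rule as local policy.
        print("LABEL THE MOUNT: %s -> %s:%s %s" % (s, t, c, " ".join(p)))
    for s, t, c, p in review:
        print("REVIEW: %s -> %s:%s %s" % (s, t, c, " ".join(p)))
```

Pipe `audit2allow < /var/log/audit/audit.log` into the script to triage a real log; run with no piped input it uses the embedded sample.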

Actions #2

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added
