Project

Profile

Help

Issue #1726

Downloading on_demand RPM content results in 500 error

Added by mmccune@redhat.com almost 5 years ago. Updated over 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Master
Platform Release:
2.8.0
OS:
RHEL 7
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

1) Import Manifest
2) Enable RHEL 6Server repo
3) Set default download policy to "on_demand"
4) Sync
5) Register client, install a package from RHEL6 via 'yum install', note error

Main error:

pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352) OSError: [Errno 13] Permission denied: '/tmp/nectar-ssl_ca_cert-Q1HNWK'

Extended trace:

pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352) An unexpected error occurred while handling the request.
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352) Traceback (most recent call last):
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/pulp/streamer/server.py", line 184, in _handle_get
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     self._download(catalog_entry, request, responder)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/pulp/streamer/server.py", line 214, in _download
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     **catalog_entry.data)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/pulp/plugins/importer.py", line 37, in get_downloader
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     nectar_config = importer_config_to_nectar_config(config.flatten(), working_dir=working_dir)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/pulp/plugins/util/nectar_config.py", line 51, in importer_config_to_nectar_config
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     download_config = DownloaderConfig(**download_config_kwargs)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/nectar/config.py", line 134, in __init__
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     self._process_ssl_settings()
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib/python2.7/site-packages/nectar/config.py", line 171, in _process_ssl_settings
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     prefix=prefix)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib64/python2.7/tempfile.py", line 304, in mkstemp
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     return _mkstemp_inner(dir, prefix, suffix, flags) 
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)   File "/usr/lib64/python2.7/tempfile.py", line 239, in _mkstemp_inner
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352)     fd = _os.open(file, flags, 0600)
pulp_streamer[26539]: pulp.streamer.server:ERROR: (26539-72352) OSError: [Errno 13] Permission denied: '/tmp/nectar-ssl_ca_cert-Q1HNWK'

Associated revisions

Revision df7e5c5b View on GitHub
Added by bmbouter almost 5 years ago

Adds pulp_streamer_tmp_t to the pulp-streamer SELinux policy

Also removes inappropriate semicolons behind Refpol statements

re #1459 closes #1726 https://pulp.plan.io/issues/1726

Revision df7e5c5b View on GitHub
Added by bmbouter almost 5 years ago

Adds pulp_streamer_tmp_t to the pulp-streamer SELinux policy

Also removes inappropriate semicolons behind Refpol statements

re #1459 closes #1726 https://pulp.plan.io/issues/1726

History

#1 Updated by bmbouter almost 5 years ago

  • Description updated (diff)

#2 Updated by bmbouter almost 5 years ago

  • Description updated (diff)

#3 Updated by bmbouter almost 5 years ago

@mmccune, was SELinux enabled on this machine? If it was, can you post the associate AVC denial?

#4 Updated by bmbouter almost 5 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to bmbouter

#5 Updated by mmccune@redhat.com almost 5 years ago

This appears to be the denial:

time->Sun Feb 28 03:32:16 2016
type=SYSCALL msg=audit(1456648336.583:3519): arch=c000003e syscall=2 success=no exit=-13 a0=7fb1080198a0 a1=200c2 a2=180 a3=3 items=0 ppid=1 pid=14337 auid=4
294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="pulp_streamer" exe="/usr/bin/python2.7" subj=system
_u:system_r:streamer_t:s0 key=(null)
type=AVC msg=audit(1456648336.583:3519): avc: denied { write } for pid=14337 comm="pulp_streamer" name="tmp" dev="dm-0" ino=133 scontext=system_u:system_r
:streamer_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

#6 Updated by mmccune@redhat.com almost 5 years ago

Confirmed, just reproduced the error now and got the same denial:

time->Tue Mar 1 07:07:57 2016
type=SYSCALL msg=audit(1456834077.500:5942): arch=c000003e syscall=2 success=no exit=-13 a0=7fb1081b3e00 a1=200c2 a2=180 a3=3 items=0 ppid=1 pid=14337 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="pulp_streamer" exe="/usr/bin/python2.7" subj=system_u:system_r:streamer_t:s0 key=(null)
type=AVC msg=audit(1456834077.500:5942): avc: denied { write } for pid=14337 comm="pulp_streamer" name="tmp" dev="dm-0" ino=133 scontext=system_u:system_r:streamer_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

#7 Updated by bmbouter almost 5 years ago

  • Platform Release set to 2.8.0

#8 Updated by bmbouter almost 5 years ago

  • Status changed from ASSIGNED to MODIFIED
  • % Done changed from 0 to 100

#9 Updated by dkliban@redhat.com almost 5 years ago

  • Status changed from MODIFIED to 5

#10 Updated by mhrivnak over 4 years ago

  • Triaged changed from No to Yes

#11 Updated by pthomas@redhat.com over 4 years ago

  • Status changed from 5 to 6

verified

[root@mgmt5 ~]# pulp-admin rpm repo create --repo-id rhel7 --feed https://cdn.redhat.com/content/dist/rhel/rhui/server/7/7.2/x86_64/os/ --feed-ca-cert cdn/cdn.redhat.com-chain.crt --feed-cert cdn/914f702153514b06c1ef279db9dcadce.crt --feed-key cdn/914f702153514b06c1ef279db9dcadce.key --download-policy on_demand
Successfully created repository [rhel7]

[root@mgmt5 ~]#
[root@mgmt5 ~]#
[root@mgmt5 ~]# pulp-admin rpm repo sync run --repo-id rhel7
--------------------------------------------------------------------
Synchronizing Repository [rhel7]
--------------------------------------------------------------------

This command may be exited via ctrl+c without affecting the request.

[-]
Waiting to begin...
Downloading metadata...
[/]
... completed

Downloading repository content...
[\]
[==================================================] 100%
RPMs: 10359/10359 items
Delta RPMs: 0/0 items

... completed

Downloading distribution files...
[==================================================] 100%
Distributions: 0/0 items
... completed

Importing errata...
[\]
... completed

Importing package groups/categories...
[\]
... completed

Cleaning duplicate packages...
[/]
... completed

Task Succeeded

Initializing repo metadata
[-]
... completed

Publishing Distribution files
[-]
... completed

Publishing RPMs
[==================================================] 100%
10359 of 10359 items
... completed

Publishing Delta RPMs
... skipped

Publishing Errata
[==================================================] 100%
1101 of 1101 items
... completed

Publishing Comps file
[==================================================] 100%
86 of 86 items
... completed

Publishing Metadata.
[-]
... completed

Closing repo metadata
[-]
... completed

Generating sqlite files
... skipped

Publishing files to web
[|]
... completed

Writing Listings File
[-]
... completed

Task Succeeded

[root@mgmt5 ~]# yum install screen --disablerepo "*" --enablerepo rhel7
Loaded plugins: product-id, pulp-profile-update, search-disabled-repos,
: subscription-manager
rhel7 | 2.1 kB 00:00:00
(1/3): rhel7/updateinfo | 1.0 MB 00:00:00
(2/3): rhel7/group | 588 kB 00:00:00
(3/3): rhel7/primary | 12 MB 00:00:01
rhel7 10359/10359
Resolving Dependencies
--> Running transaction check
---> Package screen.x86_64 0:4.1.0-0.23.20120314git3c2946.el7_2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================
Package Arch Version Repository Size
===================================================================================
Installing:
screen x86_64 4.1.0-0.23.20120314git3c2946.el7_2 rhel7 552 k

Transaction Summary
===================================================================================
Install 1 Package

Total download size: 552 k
Installed size: 914 k
Is this ok [y/d/N]: y
Downloading packages:
screen-4.1.0-0.23.20120314git3c2946.el7_2.x86_64.rpm | 552 kB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : screen-4.1.0-0.23.20120314git3c2946.el7_2.x86_64 1/1
rhel7/productid | 1.7 kB 00:00:00
pulp: profile sent, status=201
Verifying : screen-4.1.0-0.23.20120314git3c2946.el7_2.x86_64 1/1

Installed:
screen.x86_64 0:4.1.0-0.23.20120314git3c2946.el7_2

Complete!
[root@mgmt5 ~]#

#12 Updated by dkliban@redhat.com over 4 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE

#15 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF