Issue #2061
closed[Errno 13] Permission denied when using symlink to a different partition
Description
Before I installed Pulp I created a symlink from /var/lib/pulp to /pulp_data/(BIG SPACE). The installation of Pulp went perfect with the documentation procedure and created the following folders under the partition.
1. published
2. static
3. uploads
I also tried to use a dummy command to test it out and it worked: pulp-admin rpm repo create --repo-id=foo
I am trying to create a CDN repository with the appropriate certificate information but it seems to crash with permissions.
pulp-admin -v rpm repo create --feed=https://cdn.redhat.com/content/dist/rhel/server/6/6.8/x86_64/os --repo-id=base --feed-cert=/etc/pki/entitlement/<cert>.pem --feed-key=/etc/pki/entitlement/<key>.pem --feed-ca-cert=<rhn-ca>.pem
2016-07-05 13:10:58,228 - ERROR - Exception occurred:
href: /pulp/api/v2/repositories/
method: POST
status: 500
error: [Errno 13] Permission denied: '/var/lib/pulp/importers/base-yum_importer'
traceback: [u' File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response\n response = wrapped_callback(request, *callback_args, **callback_kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view\n return self.dispatch(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 87, in dispatch\n return handler(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 241, in _auth_decorator\n return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 195, in _verify_auth\n value = method(self, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/util.py", line 130, in wrapper\n return func(*args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/repositories.py", line 128, in post\n distributor_list=repo_data.get(\'distributors\')\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 410, in create_repo\n importer_controller.set_importer(repo_id, importer_type_id, importer_repo_plugin_config)\n', u' File "/usr/lib/python2.7/site-packages/celery/local.py", line 167, in <lambda>\n __call__ = lambda x, *a, **kw: x._get_current_object()(*a, **kw)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 473, in __call__\n return super(Task, self).__call__(*args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__\n return super(PulpTask, self).__call__(*args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/celery/app/task.py", line 420, in __call__\n return self.run(*args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/controllers/importer.py", line 96, in set_importer\n importer.save()\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/db/model/__init__.py", line 283, in save\n self._write_pem_file(key, path)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/db/model/__init__.py", line 344, in _write_pem_file\n misc.mkdir(os.path.dirname(self._pki_path))\n', u' File "/usr/lib/python2.7/site-packages/pulp/plugins/util/misc.py", line 48, in mkdir\n os.makedirs(path)\n', u' File "/usr/lib64/python2.7/os.py", line 157, in makedirs\n mkdir(name, mode)\n']
data: {}
An internal error occurred on the Pulp server:
RequestException: POST request
on /pulp/api/v2/repositories/ failed with 500 - [Errno 13] Permission denied:
'/var/lib/pulp/importers/base-yum_importer'
I checked that the permissions of the symlink are assigned to the apache user as well as the subfolders. My guess is that pulp is unable to create the importers directory.
I also think that the documentation regarding Storage Requirements should be expanded a little bit more with a couple of more scenarios.
Related issues
Updated by bmbouter over 8 years ago
Are you using SELinux? It's possible that the POSIX permissions are right, but SELinux is causing the denial. What does `getenforce` show?
Updated by Anonymous over 8 years ago
bmbouter wrote:
Are you using SELinux? It's possible that the POSIX permissions are right, but SELinux is causing the denial. What does `getenforce` show?
getenforce
Enforcing
Updated by Anonymous over 8 years ago
lmayorga1980 wrote:
bmbouter wrote:
Are you using SELinux? It's possible that the POSIX permissions are right, but SELinux is causing the denial. What does `getenforce` show?
getenforce
Enforcing
Changing the enforcing mode to 'permissive' fixed the problem but I think adding a little INFO note on the documentation would be really helpful.
Thank you.
Updated by bmbouter over 8 years ago
@lmayorga1980, can you recommend a place in the document that would have been the most helpful for this note?
Also, FYI, you can fix the SELinux labels on the symlink and it's target contents if you still want to use SELinux in Enforcing mode.
Updated by Anonymous over 8 years ago
bmbouter wrote:
@lmayorga1980, can you recommend a place in the document that would have been the most helpful for this note?
Also, FYI, you can fix the SELinux labels on the symlink and it's target contents if you still want to use SELinux in Enforcing mode.
That sounds even better. Thank you again.
Updated by dkliban@redhat.com over 8 years ago
- Severity changed from 4. Urgent to 2. Medium
- Triaged changed from No to Yes
- Tags Documentation added
Updated by bmbouter over 8 years ago
- Status changed from NEW to CLOSED - DUPLICATE
I just realized this is a duplicate of another issue. I'm closing this one since the other one is specifically to add the selinux docs.
Updated by bmbouter over 8 years ago
- Is duplicate of Issue #1560: Docs missing on selinux requirements to import from file:/// path added