Actions
Issue #976
closed
ISO repo not able to publish
Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.6.1 Beta
Platform Release:
OS:
Fedora 20
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Hello,
I am not able to publish iso repos neither through pulp-admin nor API.
pulp-admin iso repo create --repo-id=aaa
pulp-admin iso repo publish run --repo-id=aaa
Stacktrace:
(6284-02176) Error received removing distributor [IsoRepoTest_repo_distributor] from repo [IsoRepoTest_repo]
(6284-02176) Traceback (most recent call last):
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp/server/managers/repo/cud.py", line 241, in delete_repo
(6284-02176) distributor_manager.remove_distributor(repo_id, repo_distributor['id'])
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp/server/managers/repo/distributor.py", line 241, in remove_distributor
(6284-02176) distributor_instance.distributor_removed(transfer_repo, call_config)
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp/plugins/file/distributor.py", line 65, in distributor_removed
(6284-02176) self.unpublish_repo(repo, config)
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/iso_distributor/distributor.py", line 55, in unpublish_repo
(6284-02176) publish.remove_repository_protection(repo)
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/iso_distributor/publish.py", line 78, in remove_repository_protection
(6284-02176) protected_repo_utils.delete_protected_repo(relative_path)
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 63, in delete_protected_repo
(6284-02176) f.save()
(6284-02176) File "/usr/lib/python2.7/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 143, in save
(6284-02176) f = open(self.filename, 'w')
(6284-02176) IOError: [Errno 13] Permission denied: '/etc/pki/pulp/content/pulp-protected-repos'
# rpm -qa| grep pulp
pulp-admin-client-2.6.1-0.3.rc.fc20.noarch
pulp-consumer-client-2.6.1-0.3.rc.fc20.noarch
pulp-agent-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-yumplugins-2.6.1-0.4.rc.fc20.noarch
python-kombu-3.0.24-5.pulp.fc20.noarch
python-pulp-rpm-common-2.6.1-0.4.rc.fc20.noarch
pulp-server-2.6.1-0.3.rc.fc20.noarch
pulp-selinux-2.6.1-0.3.rc.fc20.noarch
python-pulp-bindings-2.6.1-0.3.rc.fc20.noarch
python-pulp-agent-lib-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-handlers-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-handlers-2.6.1-0.4.rc.fc20.noarch
pulp-docker-admin-extensions-1.0.0-1.fc20.noarch
python-pulp-puppet-common-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-plugins-2.6.1-0.4.rc.fc20.noarch
python-pulp-client-lib-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-admin-extensions-2.6.1-0.3.rc.fc20.noarch
python-isodate-0.5.0-4.pulp.fc20.noarch
pulp-rpm-consumer-extensions-2.6.1-0.4.rc.fc20.noarch
pulp-docker-plugins-1.0.0-1.fc20.noarch
pulp-puppet-plugins-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-admin-extensions-2.6.1-0.4.rc.fc20.noarch
python-pulp-common-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-consumer-extensions-2.6.1-0.3.rc.fc20.noarch
python-pulp-docker-common-1.0.0-1.fc20.noarch
Updated by jortel@redhat.com over 9 years ago
- Severity changed from 2. Medium to 3. High
- Triaged changed from No to Yes
Updated by ipanova@redhat.com over 9 years ago
I tried to reproduce this on 2.6.1 and was not able to:
$ pulp-admin iso repo create --repo-id test-repo
Successfully created repository [test-repo]
[ipanova@ina pulp_rpm]$ pulp-admin -u admin -p admin iso repo publish run --repo-id test-repo
+----------------------------------------------------------------------+
Publishing Repository [test-repo]
+----------------------------------------------------------------------+
This command may be exited via ctrl+c without affecting the request.
The repository was successfully published.
Task Succeeded
Do you still have this issue? overwise I am closing it
Updated by jkvita over 9 years ago
I still have the issue. Its probably caused by selinux.
After
# setenforce 0
it is fine like you shown.
Here is report:
# grep -i avc /var/log/audit/audit.log
type=USER_AVC msg=audit(1433233092.174:64): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:122): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:123): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=4) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:124): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=5) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:125): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=6) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1433234912.262:171): avc: denied { write } for pid=20996 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433244084.793:243): avc: denied { write } for pid=6442 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252765.438:323): avc: denied { write } for pid=6753 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc: denied { write } for pid=6753 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc: denied { add_name } for pid=6753 comm="celery" name="pulp-protected-repos" scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc: denied { create } for pid=6753 comm="celery" name="pulp-protected-repos" scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=file
Also its happening with 2.6.2 too.
Updated by ipanova@redhat.com over 9 years ago
so, i created an instance of pulp in ec2 and tested with pulp 2.6.1-0.3.rc, selinux enabled - published without any problems. then did the update to 2.6.2 version - same situation, was not able to reproduce the bug.
audit.log is clean.
Not sure what else i can do, maybe some other developer will be able to reproduce that.
Updated by ipanova@redhat.com over 9 years ago
Actually, looking closer at the traceback, seems like you provided a wrong one, as it is about removal of distributor from the repo. Howether, neither that, i was not able to reproduce.
Updated by ipanova@redhat.com over 9 years ago
Is this file apache readable "etc/pki/pulp/content/pulp-protected-repos"?
Updated by jkvita over 9 years ago
I tried it again and I am not able to reproduce it either, not even on the machines which were failing before. Don't know what happened. I guess this is not a problem anymore.
Yes, the file is readable by everybody.
Updated by ipanova@redhat.com over 9 years ago
- Status changed from NEW to CLOSED - NOTABUG
ok, then i am closing it
Actions
.