Project

Profile

Help

Issue #976

ISO repo not able to publish

Added by jkvita over 5 years ago. Updated over 1 year ago.

Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.6.1 Beta
Platform Release:
OS:
Fedora 20
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Hello,

I am not able to publish iso repos neither through pulp-admin nor API.

pulp-admin iso repo create --repo-id=aaa
pulp-admin iso repo publish run --repo-id=aaa

Stacktrace:

 (6284-02176) Error received removing distributor [IsoRepoTest_repo_distributor] from repo [IsoRepoTest_repo]
 (6284-02176) Traceback (most recent call last):
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp/server/managers/repo/cud.py", line 241, in delete_repo
 (6284-02176)     distributor_manager.remove_distributor(repo_id, repo_distributor['id'])
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp/server/managers/repo/distributor.py", line 241, in remove_distributor
 (6284-02176)     distributor_instance.distributor_removed(transfer_repo, call_config)
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp/plugins/file/distributor.py", line 65, in distributor_removed
 (6284-02176)     self.unpublish_repo(repo, config)
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/iso_distributor/distributor.py", line 55, in unpublish_repo
 (6284-02176)     publish.remove_repository_protection(repo)
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/iso_distributor/publish.py", line 78, in remove_repository_protection
 (6284-02176)     protected_repo_utils.delete_protected_repo(relative_path)
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 63, in delete_protected_repo
 (6284-02176)     f.save()
 (6284-02176)   File "/usr/lib/python2.7/site-packages/pulp_rpm/repo_auth/protected_repo_utils.py", line 143, in save
 (6284-02176)     f = open(self.filename, 'w')
 (6284-02176) IOError: [Errno 13] Permission denied: '/etc/pki/pulp/content/pulp-protected-repos'
# rpm -qa| grep pulp
pulp-admin-client-2.6.1-0.3.rc.fc20.noarch
pulp-consumer-client-2.6.1-0.3.rc.fc20.noarch
pulp-agent-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-yumplugins-2.6.1-0.4.rc.fc20.noarch
python-kombu-3.0.24-5.pulp.fc20.noarch
python-pulp-rpm-common-2.6.1-0.4.rc.fc20.noarch
pulp-server-2.6.1-0.3.rc.fc20.noarch
pulp-selinux-2.6.1-0.3.rc.fc20.noarch
python-pulp-bindings-2.6.1-0.3.rc.fc20.noarch
python-pulp-agent-lib-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-handlers-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-handlers-2.6.1-0.4.rc.fc20.noarch
pulp-docker-admin-extensions-1.0.0-1.fc20.noarch
python-pulp-puppet-common-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-plugins-2.6.1-0.4.rc.fc20.noarch
python-pulp-client-lib-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-admin-extensions-2.6.1-0.3.rc.fc20.noarch
python-isodate-0.5.0-4.pulp.fc20.noarch
pulp-rpm-consumer-extensions-2.6.1-0.4.rc.fc20.noarch
pulp-docker-plugins-1.0.0-1.fc20.noarch
pulp-puppet-plugins-2.6.1-0.3.rc.fc20.noarch
pulp-rpm-admin-extensions-2.6.1-0.4.rc.fc20.noarch
python-pulp-common-2.6.1-0.3.rc.fc20.noarch
pulp-puppet-consumer-extensions-2.6.1-0.3.rc.fc20.noarch
python-pulp-docker-common-1.0.0-1.fc20.noarch

History

#1 Updated by jortel@redhat.com over 5 years ago

  • Severity changed from 2. Medium to 3. High
  • Triaged changed from No to Yes

#2 Updated by ipanova@redhat.com over 5 years ago

I tried to reproduce this on 2.6.1 and was not able to:

$ pulp-admin iso repo create --repo-id test-repo

Successfully created repository [test-repo]

[ipanova@ina pulp_rpm]$ pulp-admin -u admin -p admin iso repo publish run --repo-id test-repo

+----------------------------------------------------------------------+
                   Publishing Repository [test-repo]
+----------------------------------------------------------------------+

This command may be exited via ctrl+c without affecting the request.

The repository was successfully published.

Task Succeeded

Do you still have this issue? overwise I am closing it

#3 Updated by jkvita over 5 years ago

I still have the issue. Its probably caused by selinux.
After

# setenforce 0

it is fine like you shown.

Here is report:

# grep -i avc /var/log/audit/audit.log
type=USER_AVC msg=audit(1433233092.174:64): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:122): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=3)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:123): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=4)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:124): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=5)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1433233281.645:125): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=6)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1433234912.262:171): avc:  denied  { write } for  pid=20996 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433244084.793:243): avc:  denied  { write } for  pid=6442 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252765.438:323): avc:  denied  { write } for  pid=6753 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc:  denied  { write } for  pid=6753 comm="celery" name="content" dev="xvda1" ino=255550 scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc:  denied  { add_name } for  pid=6753 comm="celery" name="pulp-protected-repos" scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=dir
type=AVC msg=audit(1433252807.341:325): avc:  denied  { create } for  pid=6753 comm="celery" name="pulp-protected-repos" scontext=system_u:system_r:celery_t:s0 tcontext=system_u:object_r:pulp_cert_t:s0 tclass=file

Also its happening with 2.6.2 too.

#4 Updated by ipanova@redhat.com over 5 years ago

so, i created an instance of pulp in ec2 and tested with pulp 2.6.1-0.3.rc, selinux enabled - published without any problems. then did the update to 2.6.2 version - same situation, was not able to reproduce the bug.
audit.log is clean.
Not sure what else i can do, maybe some other developer will be able to reproduce that.

#5 Updated by ipanova@redhat.com over 5 years ago

Actually, looking closer at the traceback, seems like you provided a wrong one, as it is about removal of distributor from the repo. Howether, neither that, i was not able to reproduce.

#6 Updated by ipanova@redhat.com over 5 years ago

Is this file apache readable "etc/pki/pulp/content/pulp-protected-repos"?

#7 Updated by jkvita over 5 years ago

I tried it again and I am not able to reproduce it either, not even on the machines which were failing before. Don't know what happened. I guess this is not a problem anymore.

Yes, the file is readable by everybody.

#8 Updated by ipanova@redhat.com over 5 years ago

  • Status changed from NEW to CLOSED - NOTABUG

ok, then i am closing it

#9 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF