Brian –
Thanks for your response. You are right that I don’t seem to have the selinux-policy-devel package. Although I do have a number of seemingly related packages, but I don’t need nor intend to use selinux on this particular test server. I tried getenforce again with the same result. I also provided the instructions from 2326 that I followed below. Another interesting aspect of this issue: I rebooted the box to ensure that selinux was in fact disabled, which it was, but I noticed that my first publish attempt is actually partially successful. All subsequent attempts fail immediately. This also happens by just restarting the pulp services. You don't have to reboot. In discussing this with Sean Meyers it seems I have a variant of https://pulp.plan.io/issues/2387 that doesn’t depend on selinux being enabled. I have been told they are working on a hotfix for that. At this point I am just wondering if it is possible to revert to 2.10 while I wait for the full solution in 2.10.2. Thanks. [root@pulp-server:~]# getenforce Disabled [root@pulp-server:~]# rpm -qa |grep -i selinux selinux-policy-targeted-3.7.19-292.el6.noarch libselinux-2.0.94-7.el6.i686 libselinux-ruby-2.0.94-7.el6.x86_64 libselinux-devel-2.0.94-7.el6.x86_64 selinux-policy-3.7.19-292.el6.noarch libselinux-python-2.0.94-7.el6.x86_64 libselinux-2.0.94-7.el6.x86_64 pulp-selinux-2.10.1-1.el6.noarch libselinux-utils-2.0.94-7.el6.x86_64 # Instructions I followed from 2326. I also rebooted this test machine for good measure. $ getenforce Enforcing $ setenforce 0 $ echo > /var/log/audit/audit.log $ semodule -R From: Brian Bouterse [mailto:bbout...@redhat.com] Sent: Wednesday, November 09, 2016 11:41 AM To: Mcnabb, Dustin Cc: pulp-list@redhat.com Subject: [E] Re: [Pulp-list] Receiving error when trying to publish any rpm repo. Hi Dustin, I believe the 2.10.2 and 2.11 GA releases allow you to upgrade from 2.10.1. If you can't restore from backups onto a fresh 2.10.0 GA install, I would recommend upgrading to the 2.10.2 once that is GA. You could also try the 2.10.2 beta or 2.11 beta. You're showing what looks like an SELinux error, but sestatus shows disabled. Does audit.log also show errors when your publish fails? Also what does `sudo getenforce` show? It would be good to confirm that SELinux is really not set to "Enforcing" on your system. You mention you applied the fix from 2326. What changes did you make in that area? Also regarding the /etc/selinux/targeted/policy/policy.24 stuff, maybe you are missing the selinux-policy-devel package? -Brian On Tue, Nov 8, 2016 at 1:53 PM, Mcnabb, Dustin <dustin.mcn...@verizon.com<mailto:dustin.mcn...@verizon.com>> wrote: So I upgraded to 2.10.1 and managed to get past the failing db migration, but now I am finding I can't even publish a repo, and I suspect other issues might exist. I have documented my troubleshooting steps below, and I verified these issues don't exist on another pulp server running 2.10.0. Ultimately, I am wondering if I can revert to 2.10.0 cleanly, or if I need to upgrade to a beta version and whether that should be 2.10.2 or 2.11.0 Beta 2? [root@pulp-server]# pulp-admin rpm repo publish run --repo-id redhat-6-x86_64-os +----------------------------------------------------------------------+ Publishing Repository [redhat-6-x86_64-os] +----------------------------------------------------------------------+ This command may be exited via ctrl+c without affecting the request. Initializing repo metadata [-] ... completed Publishing Distribution files [-] ... completed Publishing RPMs [==================================================] 100% 4023 of 4023 items ... completed Publishing Delta RPMs ... skipped Publishing Errata [==================================================] 100% 3712 of 3712 items ... completed Publishing Comps file [==================================================] 100% 213 of 213 items Task Failed [Errno 1] Operation not permitted Nov 8 15:56:02 pulp-server pulp: pulp.server.async.tasks:INFO: Task failed : [17ecfada-b3a3-42cc-a2b1-74aec4fc9231] Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) Task pulp.server.managers.repo.publish.publish[id] raised unexpected: OSError(1, 'Operation not permitted') Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) Traceback (most recent call last): Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/celery/app/trace.py", line 240, in trace_task Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) R = retval = fun(*args, **kwargs) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 488, in __call__ Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) return super(Task, self).__call__(*args, **kwargs) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 103, in __call__ Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) return super(PulpTask, self).__call__(*args, **kwargs) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/celery/app/trace.py", line 437, in __protected_call__ Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) return self.run(*args, **kwargs) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1095, in publish Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) result = check_publish(repo_obj, dist_id, dist_inst, transfer_repo, conduit, call_config) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1187, in check_publish Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) result = _do_publish(repo_obj, dist_id, dist_inst, transfer_repo, conduit, call_config) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/controllers/repository.py", line 1239, in _do_publish Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) publish_report = publish_repo(transfer_repo, conduit, call_config) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/server/async/tasks.py", line 673, in wrap_f Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) return f(*args, **kwargs) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp_rpm/plugins/distributors/yum/distributor.py", line 174, in publish_repo Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) return self._publisher.process_lifecycle() Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 566, in process_lifecycle Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) super(PluginStep, self).process_lifecycle() Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 163, in process_lifecycle Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) step.process() Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 253, in process Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) self._process_block() Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 297, in _process_block Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) self.process_main() Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib/python2.6/site-packages/pulp/plugins/util/publish_step.py", line 905, in process_main Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) selinux.restorecon(timestamp_master_dir.encode('utf-8'), recursive=True) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) File "/usr/lib64/python2.6/site-packages/selinux/__init__.py", line 83, in restorecon Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) lsetfilecon(path, context) Nov 8 15:56:02 pulp-server pulp: celery.worker.job:ERROR: (6756-60832) OSError: [Errno 1] Operation not permitted # I confirmed that selinux is disabled on this test server [root@pulp-server:~]# sestatus SELinux status: disabled # I tried running restorecon recursively as root as described here https://www.redhat.com/archives/pulp-list/2016-May/msg00054.html # There was no stdout or stderr, and it had no affect on the problem. [root@pulp-server:pulp]# restorecon -R /etc/pki/pulp # Running pulp 2.10.1 I tried the fix documented here https://pulp.plan.io/issues/2326 # I got this error and publish still fails with same error. [root@pulp-server:~]# semodule -R SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.24, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.24: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory). # The policy.24 files does in fact exist despite the error to the contrary [root@pulp-server:~]# ls -al /etc/selinux/targeted/policy/policy.24 -rw-r--r-- 1 root root 8424080 Oct 28 19:31 /etc/selinux/targeted/policy/policy.24 Dustin _______________________________________________ Pulp-list mailing list Pulp-list@redhat.com<mailto:Pulp-list@redhat.com> https://www.redhat.com/mailman/listinfo/pulp-list
_______________________________________________ Pulp-list mailing list Pulp-list@redhat.com https://www.redhat.com/mailman/listinfo/pulp-list