I've noticed this behavior on a few of our Spacewalk clients recently. I've applied the latest Spacewalk server and client patches and that doesn't seem to help. I've also turned SELinux on and off and that doesn't seem to help, even though there are some SELinux messages being written to the logs.
I'm running Spacewalk 2.7 and clients with the 2.7 client packages running OL 7. The only solution I've found thus far is to remove the RHN client packages and then reinstall/re-register which works flawlessly. When a client is malfunctioning, again inexplicably, it throws this error in the server rhn_server_xmlrpc log: 2018/03/05 11:56:34 -05:00 12089 <IP address omitted>: rhnServer/server_certificate.certificate('ERROR', "Could not marshall certificate for {'username': None, 'operating_system': 'redhat -release-server', 'description': 'Initial Registration Parameters:\\nOS: redhat-release-server\\nRelease: 7Server\\nCPU Arch: x86_64', 'checksum': <omitted>', 'profile_name': '<omitted>.domain.com', 'system_id': '<omitted>', 'architecture': 'x86_64-redhat-linux', 'os_release': '7.4', 'fie lds': ['system_id', 'os_release', 'operating_system', 'architecture', 'type'], 'type': 'REAL'}") This error on the client: # yum repolist Loaded plugins: changelog, rhnplugin, verify There was an error communicating with RHN. Red Hat Satellite or RHN Classic support will be disabled. rhn-plugin: Error communicating with server. The message was: While running 'registration.upgrade_version': caught <type 'exceptions.TypeError'> : ('cannot marshal None unless allow_none is enabled', {'username': None, 'operating_system': 'redhat-release-server', 'description': 'Initial Regist ration Parameters:\nOS: redhat-release-server\nRelease: 7Server\nCPU Arch: x86_64', 'checksum': '<omitted>', 'profile_name': <omitted>.domain.com', 'system_id': '<omitted>', 'architecture': 'x86_64-redhat-linux', 'os_release': '7.4', 'fields': ['system_id', 'os_release', 'operating_system ', 'architecture', 'type'], 'type': 'REAL'}) repolist: 0 And I saw some SELinux messages, but again, fixing these or setting SELinux to permissive didn't help: # sealert -a /var/log/audit/audit.log 100% done found 1 alerts in /var/log/audit/audit.log -------------------------------------------------------------------------------- SELinux is preventing /usr/bin/python2.7 from write access on the directory /usr/lib/python2.7/site-packages/spacewalk/common. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that python2.7 should be allowed write access on the common directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'osad' --raw | audit2allow -M my-osad # semodule -i my-osad.pp Additional Information: Source Context system_u:system_r:osad_t:s0 Target Context system_u:object_r:lib_t:s0 Target Objects /usr/lib/python2.7/site-packages/spacewalk/common [ dir ] Source osad Source Path /usr/bin/python2.7 Port <Unknown> Host <Unknown> Source RPM Packages python-2.7.5-58.0.1.el7.x86_64 Target RPM Packages spacewalk-usix-2.7.8-1.el7.noarch Policy RPM selinux-policy-3.13.1-166.0.3.el7_4.7.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name <omitted>.domain.com Platform Linux <omitted>.domain.com 3.10.0-693.11.6.el7.x86_64 #1 SMP Wed Jan 3 18:59:47 PST 2018 x86_64 x86_64 Alert Count 2 First Seen 2018-03-05 11:44:53 CST Last Seen 2018-03-05 11:44:53 CST Local ID <omitted> Raw Audit Messages type=AVC msg=audit(1520271893.927:335515): avc: denied { write } for pid=24343 comm="osad" name="common" dev="dm-1" ino=654732 scontext=system_u:system_r:osad_t:s0 tcontext=sys tem_u:object_r:lib_t:s0 tclass=dir type=SYSCALL msg=audit(1520271893.927:335515): arch=x86_64 syscall=open success=no exit=EACCES a0=177b400 a1=2c1 a2=81a4 a3=7effc9e4c610 items=0 ppid=1 pid=24343 auid=4294967295 u id=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=osad exe=/usr/bin/python2.7 subj=system_u:system_r:osad_t:s0 key=(null) Hash: osad,osad_t,lib_t,dir,write Matthew Wilkinson | Lead Server Administrator, Unix
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list