Bug #23343: "Error: Package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64" in smoke - sepia - Ceph

Actions

Copy link

Bug #23343

closed

"Error: Package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64" in smoke

Added by Yuri Weinstein about 6 years ago. Updated about 6 years ago.

Status:

Resolved

Priority:

Urgent

Assignee:

David Galloway

Category:

Target version:

% Done:

Source:

Q/A

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

smoke

Crash signature (v1):

Crash signature (v2):

Description

Run: http://pulpito.ceph.com/teuthology-2018-03-13_17:31:37-smoke-master-testing-basic-smithi/
Jobs: all
Logs: http://qa-proxy.ceph.com/teuthology/teuthology-2018-03-13_17:31:37-smoke-master-testing-basic-smithi/2287609/teuthology.log

2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:--> Running transaction check
2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package ceph-selinux.x86_64 2:13.0.1-3017.g5fee268.el7 will be installed
2018-03-13T17:52:03.393 INFO:teuthology.orchestra.run.smithi097.stdout:--> Processing Dependency: selinux-policy-base >= 3.13.1-166.el7_4.9 for package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64
2018-03-13T17:52:03.399 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package python-urllib3.noarch 0:1.10.2-3.el7 will be installed
2018-03-13T17:52:03.399 INFO:teuthology.orchestra.run.smithi097.stdout:---> Package userspace-rcu.x86_64 0:0.7.16-1.el7 will be installed
2018-03-13T17:52:03.881 INFO:teuthology.orchestra.run.smithi117.stdout:No package  available.
2018-03-13T17:52:04.044 INFO:teuthology.orchestra.run.smithi097.stdout:--> Finished Dependency Resolution
2018-03-13T17:52:04.178 INFO:teuthology.orchestra.run.smithi097.stdout:Error: Package: 2:ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64 (ceph)
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:           Requires: selinux-policy-base >= 3.13.1-166.el7_4.9
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:           Installed: selinux-policy-targeted-3.13.1-166.el7_4.7.noarch (@rhel-7-server-rpms)
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:               selinux-policy-base = 3.13.1-166.el7_4.7
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:           Available: selinux-policy-minimum-3.12.1-153.el7.noarch (rhel-7-server-rpms)
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:               selinux-policy-base = 3.12.1-153.el7
2018-03-13T17:52:04.179 INFO:teuthology.orchestra.run.smithi097.stdout:           Available: selinux-policy-minimum-3.12.1-153.el7_0.10.noarch (rhel-7-server-rpms)

Actions

Copy link

Updated by Yuri Weinstein about 6 years ago

Brad, Boris - can you pls take a look at this? This is brand new ditrso rhel 7.4 we starting use in sepia.

Actions

Copy link

Updated by Brad Hubbard about 6 years ago

Project changed from Ceph to sepia

ceph-selinux-13.0.1-3017.g5fee268.el7.x86_64 was compiled on a (CentOS) machine with selinux-policy-* version 3.13.1-166.el7_4.9 installed so that becomes the minimum requirement.

If we take a look at the environment we are trying to install in...

[root@smithi074 ~]# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/'
selinux-policy-targeted.noarch      3.13.1-166.el7_4.7       @rhel-7-server-rpms
selinux-policy-targeted.noarch      3.13.1-166.el7_4.7       rhel-7-server-rpms

If I install and subscribe a fresh rhel7.4 system.

# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/'
selinux-policy-targeted.noarch    3.13.1-166.el7_4.7      rhel-7-server-rpms
selinux-policy-targeted.noarch    3.13.1-166.el7_4.9      rhel-7-server-rpms

What about if I re-register it?

[root@smithi074 ~]# subscription-manager unregister
Unregistering from: satellite.front.sepia.ceph.com:443/rhsm
System has been unregistered.
[root@smithi074 ~]# subscription-manager config --remove=server.hostname --remove=server.prefix --remove=rhsm.baseurl --remove=rhsm.full_refresh_on_yum --remove=rhsm.repo_ca_cert
You have removed the value for section server and name hostname.
The default value for hostname will now be used.
You have removed the value for section server and name prefix.
The default value for prefix will now be used.
You have removed the value for section rhsm and name baseurl.
The default value for baseurl will now be used.
You have removed the value for section rhsm and name full_refresh_on_yum.
The default value for full_refresh_on_yum will now be used.
You have removed the value for section rhsm and name repo_ca_cert.
The default value for repo_ca_cert will now be used.
[root@smithi074 ~]# subscription-manager register --activationkey=XXX --org=XXX
The system has been registered with ID: XXXX

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status: Not Subscribed

Unable to find available subscriptions for all your installed products.
[root@smithi074 ~]# subscription-manager attach

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status: Subscribed
[root@smithi074 ~]# yum clean all
Loaded plugins: fastestmirror, langpacks, priorities, product-id, search-disabled-repos, subscription-manager
Cleaning repos: ceph ceph-noarch ceph-source epel lab-extras rhel-7-fcgi-ceph rhel-7-server-rpms
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
Cleaning up list of fastest mirrors
[root@smithi074 ~]# yum list selinux-policy-targeted --showduplicates|gawk '/rhel-7-server-rpms/&&/3.13.1-166.el7_4.[79]/'
selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 @rhel-7-server-rpms
selinux-policy-targeted.noarch 3.13.1-166.el7_4.7 rhel-7-server-rpms
selinux-policy-targeted.noarch 3.13.1-166.el7_4.9 rhel-7-server-rpms

So it appears the rhel-7-server-rpms channel on satellite.front.sepia.ceph.com is not up to date.

Actions

Copy link

Updated by Yuri Weinstein about 6 years ago

Assignee set to David Galloway

David, can you take a look pls?

Actions

Copy link

Updated by David Galloway about 6 years ago

Assignee changed from David Galloway to Yuri Weinstein

D'oh. I set up a daily sync task on the Satellite but failed to add any repos to the task.

I've synced all repos. Can you try this again please and let me know if you run into the same problem?

Actions

Copy link

Updated by Yuri Weinstein about 6 years ago

Still errors, see => http://pulpito.ceph.com/teuthology-2018-03-14_14:24:19-smoke-master-testing-basic-smithi/

Actions

Copy link

Updated by David Galloway about 6 years ago

Yuri Weinstein wrote:

Still errors, see => http://pulpito.ceph.com/teuthology-2018-03-14_14:24:19-smoke-master-testing-basic-smithi/

Well, you're getting SELinux denials now instead of package installation errors.


 SELinux denials found on ubuntu@smithi196.front.sepia.ceph.com: ['type=AVC msg=audit(1521039078.707:2154): avc: denied { module_request } for pid=9074 comm="rhsmd" kmod=6E65746465762D70BE4916D87F scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1', 'type=AVC msg=audit(1521039156.076:2165): avc: denied { module_request } for pid=9074 comm="rhsmd" kmod=6E65746465762DC0752F16D87F scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1']

The proper thing to do would probably be to report a BZ.

The quick thing would be to whitelist rhsmd SELinux denials.

Actions

Copy link