Katello nightly pipeline failed:
https://ci.theforeman.org/job/katello-nightly-rpm-pipeline/692/
foreman-pipeline-katello-nightly-centos7-upgrade (failed)
foreman-pipeline-katello-nightly-centos7-install (passed)
Katello nightly pipeline failed:
https://ci.theforeman.org/job/katello-nightly-rpm-pipeline/692/
foreman-pipeline-katello-nightly-centos7-upgrade (failed)
foreman-pipeline-katello-nightly-centos7-install (passed)
hrmm, its getting further, but failing at:
[ WARN 2020-09-13T23:34:56 verbose]
/Stage[main]/Pulpcore::Config/Pulpcore::Admin[collectstatic
–noinput]/Exec[pulpcore-manager collectstatic --noinput]/returns:
PermissionError: [Errno 13] Permission denied:
‘/var/lib/pulp/assets/guardian’
Unclear if its due to file permissions or selinux, will spin up a box to
check.
The only SELinux related things I see are:
type=AVC msg=audit(1600038848.320:2622): avc: denied { write } for pid=13657 comm="sidekiq" name="home" dev="vda1" ino=5979546 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600038848.320:2623): avc: denied { write } for pid=13657 comm="sidekiq" name="home" dev="vda1" ino=5979546 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600038883.828:2633): avc: denied { write } for pid=14177 comm="ruby" name="home" dev="vda1" ino=5979546 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600038883.828:2634): avc: denied { write } for pid=14177 comm="ruby" name="home" dev="vda1" ino=5979546 scontext=system_u:system_r:foreman_rails_t:s0 tcontext=unconfined_u:object_r:rpm_script_tmp_t:s0 tclass=dir permissive=0
Which does not look related to Pulp 3 at all.
I suspect this is because we used to run collectstatic
as root, but now as pulp:
That would at least explain why it’s working on install, but not upgrade.
That sounds like a good candidate, yeah!
How can we nicely fix that?
Probably not a complete fix:
found a bug
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.