RHEL7 EPEL vs rubygem-gssapi

Guys,

Attempting a clean RHEL7 install of foreman 1.6-RC2, but running into a
problem with rubygem-gssapi. It seems to be missing from the EPEL repos:

[root@foreman ~]# yum repolist
Loaded plugins: langpacks, product-id, subscription-manager
repo id repo name
status
epel/x86_64 Extra Packages for Enterprise
Linux 7 - x86_64 5,610
foreman/x86_64 Foreman 1.6
257
foreman-plugins/x86_64 Foreman plugins 1.6
85
puppetlabs-deps/x86_64 Puppet Labs Dependencies El 7 -
x86_64 10
puppetlabs-products/x86_64 Puppet Labs Products El 7 -
x86_64 79
rhel-7-server-optional-rpms/7Server/x86_64 Red Hat Enterprise Linux 7
Server - Optional (RPMs) 4,368
rhel-7-server-rpms/7Server/x86_64 Red Hat Enterprise Linux 7
Server (RPMs) 4,737
rhel-server-rhscl-7-rpms/7Server/x86_64 Red Hat Software Collections
RPMs for Red Hat Enterprise Linux 7 Server 779
repolist: 15,925
[root@foreman ~]# yum install foreman-proxy
Loaded plugins: langpacks, product-id, subscription-manager
rhel-7-server-optional-rpms
> 2.9 kB 00:00:00
rhel-7-server-rpms
> 3.7 kB 00:00:00
rhel-server-rhscl-7-rpms
> 3.1 kB 00:00:00
Resolving Dependencies
–> Running transaction check
—> Package foreman-proxy.noarch 0:1.6.0-0.2.RC2.el7 will be installed
–> Processing Dependency: rubygem(sinatra) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
–> Processing Dependency: rubygem(rubyipmi) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
–> Processing Dependency: rubygem(rkerberos) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
–> Processing Dependency: rubygem(gssapi) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
–> Processing Dependency: rubygem(bundler_ext) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
–> Running transaction check
—> Package foreman-proxy.noarch 0:1.6.0-0.2.RC2.el7 will be installed
–> Processing Dependency: rubygem(gssapi) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
—> Package rubygem-bundler_ext.noarch 0:0.3.0-6.el7 will be installed
–> Processing Dependency: rubygem(bundler) for package:
rubygem-bundler_ext-0.3.0-6.el7.noarch
—> Package rubygem-rkerberos.x86_64 0:0.1.3-2.1.el7 will be installed
—> Package rubygem-rubyipmi.noarch 0:0.7.0-2.el7 will be installed
–> Processing Dependency: ipmitool for package:
rubygem-rubyipmi-0.7.0-2.el7.noarch
—> Package rubygem-sinatra.noarch 1:1.3.5-1.el7 will be installed
–> Processing Dependency: rubygem(tilt) >= 1.3.3 for package:
1:rubygem-sinatra-1.3.5-1.el7.noarch
–> Processing Dependency: rubygem(rack-protection) >= 1.3.0 for package:
1:rubygem-sinatra-1.3.5-1.el7.noarch
–> Running transaction check
—> Package foreman-proxy.noarch 0:1.6.0-0.2.RC2.el7 will be installed
–> Processing Dependency: rubygem(gssapi) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
—> Package ipmitool.x86_64 0:1.8.13-7.el7 will be installed
–> Processing Dependency: OpenIPMI-modalias for package:
ipmitool-1.8.13-7.el7.x86_64
—> Package rubygem-bundler.noarch 0:1.3.1-3.el7 will be installed
–> Processing Dependency: rubygem(thor) for package:
rubygem-bundler-1.3.1-3.el7.noarch
–> Processing Dependency: rubygem(net-http-persistent) for package:
rubygem-bundler-1.3.1-3.el7.noarch
—> Package rubygem-rack-protection.noarch 0:1.3.2-3.el7 will be installed
—> Package rubygem-tilt.noarch 0:1.3.7-2.el7 will be installed
–> Running transaction check
—> Package OpenIPMI-modalias.x86_64 0:2.0.19-11.el7 will be installed
—> Package foreman-proxy.noarch 0:1.6.0-0.2.RC2.el7 will be installed
–> Processing Dependency: rubygem(gssapi) for package:
foreman-proxy-1.6.0-0.2.RC2.el7.noarch
—> Package rubygem-net-http-persistent.noarch 0:2.8-5.el7 will be
installed
—> Package rubygem-thor.noarch 0:0.17.0-3.el7 will be installed
–> Finished Dependency Resolution
Error: Package: foreman-proxy-1.6.0-0.2.RC2.el7.noarch (foreman)
Requires: rubygem(gssapi)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
[root@foreman ~]#

I've manually fetched rubygem-gssapi for older RHEL6 installs that I've
done, but this package doesn't seem to be in the RHEL7 EPEL repo.

Any ideas? I'm directly connected to all the external repos this time -
not working behind a corporate firewall today.

Cheers

Duncan

> Guys,
>
> Attempting a clean RHEL7 install of foreman 1.6-RC2, but running into a
> problem with rubygem-gssapi. It seems to be missing from the EPEL repos:
>
> [root@foreman ~]# yum repolist
[snip]
> --> Finished Dependency Resolution
> Error: Package: foreman-proxy-1.6.0-0.2.RC2.el7.noarch (foreman)
> Requires: rubygem(gssapi)
> You could try using --skip-broken to work around the problem
> You could try running: rpm -Va --nofiles --nodigest
> [root@foreman ~]#
>
> I've manually fetched rubygem-gssapi for older RHEL6 installs that I've
> done, but this package doesn't seem to be in the RHEL7 EPEL repo.
>
> Any ideas? I'm directly connected to all the external repos this time -
> not working behind a corporate firewall today.

There's a build of it in EPEL7, but I suspect it's not included as
rubygem-ffi (its dependency) hasn't been built yet.

http://koji.fedoraproject.org/koji/buildinfo?buildID=499187

Seems I started to rebuild ffi in our reops, but didn't build gssapi, so
that's not going to help much.

I'll see if we can get ffi built in EPEL7, as Bryan Kearney's the
maintainer.

https://bugzilla.redhat.com/show_bug.cgi?id=1096191

Cheers

D

http://koji.katello.org/packages/rubygem-ffi/1.4.0/2.el7/x86_64/rubygem-ffi-1.4.0-2.el7.x86_64.rpm
if you'd like to use it with the above gssapi build in the meantime.

If it's not fixed shortly, we'll pull them into our repos temporarily.

With Bryan's help, I've built and submitted it:
https://admin.fedoraproject.org/updates/rubygem-ffi-1.9.3-1.el7

Karma's only 1 as it's a new build, if anybody can test it.

Jan, could you also submit your rubygem-gssapi EL7 build for
epel7-testing please?

I've now created

https://admin.fedoraproject.org/updates/rubygem-gssapi-1.1.2-3.el7

Thanks guys, this gets me a little closer, but am now facing gem issues:

[root@foreman ~]# foreman-installer
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
Could not evaluate: Could not load data from https://foreman.rhel7.local
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
Failed to call refresh: Could not load data from https://foreman.rhel7.local
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
Could not load data from https://foreman.rhel7.local
Installing Done
[100%] […]
Something went wrong! Check the log for ERROR-level output

After some digging, I find:

[root@foreman foreman]# cat /var/log/foreman/apipie_cache.log
rake aborted!
Please install the sqlite3 adapter: gem install activerecord-sqlite3-adapter (Could not find sqlite3 (~> 1.3.5) amongst
[actionmailer-3.2.8, actionpack-3.2.8, activemodel-3.2.8,
activerecord-3.2.8, activeresource-3.2.8, activesupport-3.2.8,
ancestry-2.0.0, apipie-rails-0.2.5, arel-3.0.2, audited-3.0.0,
audited-activerecord-3.0.0, bigdecimal-1.1.0, bootstrap-sass-3.0.3.0,
builder-3.0.0, bundler-1.3.5, bundler_ext-0.3.0, deep_cloneable-2.0.0,
diff-lcs-1.1.3, erubis-2.7.0, fast_gettext-0.8.0, foreigner-1.4.2,
gettext_i18n_rails-0.10.0, gettext_i18n_rails_js-0.0.8, hike-1.2.1,
i18n-0.6.0, i18n_data-0.2.7, io-console-0.3, journey-1.0.4,
jquery-rails-2.0.2, jquery-ui-rails-4.0.2, json-1.5.5, ldap_fluff-0.3.1,
mail-2.4.4, mime-types-1.19, minitest-2.5.1, multi_json-1.8.2,
net-http-persistent-2.7, net-ldap-0.3.1, netrc-0.7.7, oauth-0.4.7,
pg-0.12.2, po_to_json-0.0.7, polyglot-0.3.3, rabl-0.9.0, rack-1.4.1,
rack-cache-1.2, rack-ssl-1.3.2, rack-test-0.6.1, rails-3.2.8,
railties-3.2.8, rake-0.9.2.2, rdoc-3.9.5, ref-1.0.0, rest-client-1.6.7,
ruby2ruby-2.0.1, ruby_parser-3.1.1, safemode-1.2.1, sass-3.2.13,
scoped_search-2.7.1, sexp_processor-4.1.3, sprockets-2.4.5,
therubyracer-0.11.0beta5, thor-0.18.1, tilt-1.3.3, treetop-1.4.10,
tzinfo-0.3.33, uuidtools-2.1.3, validates_lengths_from_database-0.2.0,
will_paginate-3.0.2])

Tasks: TOP => apipie:cache => environment
(See full trace by running task with --trace)
[root@foreman foreman]#

Leaving me well past the point of being able to get something going.

Am I missing something? It's a fresh RHEL7 box, subscribed to the right
channels, installing foreman-installer, then running it without options.

Cheers

D

> Thanks guys, this gets me a little closer, but am now facing gem issues:
>
> [root@foreman ~]# foreman-installer
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
> Could not evaluate: Could not load data from https://foreman.rhel7.local
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
> Failed to call refresh: Could not load data from https://foreman.rhel7.local
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
> Could not load data from https://foreman.rhel7.local
> Installing Done
> [100%] […]
> Something went wrong! Check the log for ERROR-level output

Try visiting the Foreman web UI, what's displayed? Any errors?

If so, check /var/log/foreman/production.log and httpd's error log
perhaps for more.

> After some digging, I find:
>
> [root@foreman foreman]# cat /var/log/foreman/apipie_cache.log
> rake aborted!
> Please install the sqlite3 adapter: gem install > activerecord-sqlite3-adapter (Could not find sqlite3 (~> 1.3.5) amongst

Ignore this, it's irrelevant.

>
> > Thanks guys, this gets me a little closer, but am now facing gem issues:
> >
> > [root@foreman ~]# foreman-installer
> >
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
>
> > Could not evaluate: Could not load data from https://foreman.rhel7.local
> >
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
>
> > Failed to call refresh: Could not load data from
> https://foreman.rhel7.local
> >
> /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.rhel7.local]:
>
> > Could not load data from https://foreman.rhel7.local
> > Installing Done
> > [100%] […]
> > Something went wrong! Check the log for ERROR-level output
>
> Try visiting the Foreman web UI, what's displayed? Any errors?
>
> If so, check /var/log/foreman/production.log and httpd's error log
> perhaps for more.
>
>
Sorry - should have said. Firefox gives me 403 for
https://foreman.rhel7.local. Chrome just says the https site is not
available (might have my browser certificates mangled a bit there).
firewalld is completely disabled at this point.

I'm also seeing:

[root@foreman httpd]# cat foreman-ssl_error_ssl.log
[Tue Sep 09 15:45:57.625139 2014] [autoindex:error] [pid 25318] [client
192.168.122.1:40494] AH01276: Cannot serve directory
/usr/share/foreman/public/: No matching DirectoryIndex
(index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml) found,
and server-generated directory index forbidden by Options directive
[Tue Sep 09 15:47:29.224151 2014] [autoindex:error] [pid 25326] [client
192.168.122.1:40499] AH01276: Cannot serve directory
/usr/share/foreman/public/: No matching DirectoryIndex
(index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml) found,
and server-generated directory index forbidden by Options directive
[root@foreman httpd]#

Had to start the foreman service manually too - is that the plan?

> > After some digging, I find:
> >
> > [root@foreman foreman]# cat /var/log/foreman/apipie_cache.log
> > rake aborted!
> > Please install the sqlite3 adapter: gem install > > activerecord-sqlite3-adapter (Could not find sqlite3 (~> 1.3.5) amongst
>
> Ignore this, it's irrelevant.
>
>
OK

> Try visiting the Foreman web UI, what's displayed? Any errors?
>
> If so, check /var/log/foreman/production.log and httpd's error log
> perhaps for more.
>
>
> Sorry - should have said. Firefox gives me 403 for
> https://foreman.rhel7.local. Chrome just says the https site is not
> available (might have my browser certificates mangled a bit there).
> firewalld is completely disabled at this point.
>
> I'm also seeing:
>
> [root@foreman httpd]# cat foreman-ssl_error_ssl.log
> [Tue Sep 09 15:45:57.625139 2014] [autoindex:error] [pid 25318] [client
> 192.168.122.1:40494] AH01276: Cannot serve directory
> /usr/share/foreman/public/: No matching DirectoryIndex
> (index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml)
> found, and server-generated directory index forbidden by Options directive
> [Tue Sep 09 15:47:29.224151 2014] [autoindex:error] [pid 25326] [client
> 192.168.122.1:40499] AH01276: Cannot serve directory
> /usr/share/foreman/public/: No matching DirectoryIndex
> (index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml)
> found, and server-generated directory index forbidden by Options directive
> [root@foreman httpd]#

I've just been testing a similar install on CentOS 7.0 and found we have
a remaining SELinux issue, which I don't believe is fixed here.

[Tue Sep 09 15:17:40.226767 2014] [passenger:error] [pid 13611] ***
Passenger could not be initialized because of this error: Unable to
start the Phusion Passenger watchdog: it seems to have crashed during
startup for an unknown reason, with exit code 1

(in httpd/error_log)

Digging a little, and it appears to be
Bug #7198: Socket read and write on RHEL7 - SELinux - Foreman, and it fixes the problem for
me, so I'll get that into 1.6.0.

Could you try with "setenforce 0", then restart httpd?

> Had to start the foreman service manually too - is that the plan?

Nah, httpd/Passenger should work.

>
> > Try visiting the Foreman web UI, what's displayed? Any errors?
> >
> > If so, check /var/log/foreman/production.log and httpd's error log
> > perhaps for more.
> >
> >
> > Sorry - should have said. Firefox gives me 403 for
> > https://foreman.rhel7.local. Chrome just says the https site is not
> > available (might have my browser certificates mangled a bit there).
> > firewalld is completely disabled at this point.
> >
> > I'm also seeing:
> >
> > [root@foreman httpd]# cat foreman-ssl_error_ssl.log
> > [Tue Sep 09 15:45:57.625139 2014] [autoindex:error] [pid 25318] [client
> > 192.168.122.1:40494] AH01276: Cannot serve directory
> > /usr/share/foreman/public/: No matching DirectoryIndex
> > (index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml)
> > found, and server-generated directory index forbidden by Options
> directive
> > [Tue Sep 09 15:47:29.224151 2014] [autoindex:error] [pid 25326] [client
> > 192.168.122.1:40499] AH01276: Cannot serve directory
> > /usr/share/foreman/public/: No matching DirectoryIndex
> > (index.html,index.html.var,index.cgi,index.pl,index.php,index.xhtml)
> > found, and server-generated directory index forbidden by Options
> directive
> > [root@foreman httpd]#
>
> I've just been testing a similar install on CentOS 7.0 and found we have
> a remaining SELinux issue, which I don't believe is fixed here.
>
> [Tue Sep 09 15:17:40.226767 2014] [passenger:error] [pid 13611] ***
> Passenger could not be initialized because of this error: Unable to
> start the Phusion Passenger watchdog: it seems to have crashed during
> startup for an unknown reason, with exit code 1
>
> (in httpd/error_log)
>
> Digging a little, and it appears to be
> Bug #7198: Socket read and write on RHEL7 - SELinux - Foreman, and it fixes the problem for
> me, so I'll get that into 1.6.0.
>
> Could you try with "setenforce 0", then restart httpd?
>
>
Looks like that's managing to haul Foreman into action. Thanks.

> > Had to start the foreman service manually too - is that the plan?
>
> Nah, httpd/Passenger should work.
>
>
Yes - um, forget that last question. Clearly didn't think that one through.

Cheers

D