Upgrading to Foreman 1.10.2: selinux and connection errors

Hello,

I've just now updated to F1.10.2 from 1.10.1. My foreman host runs
CentOS7.2, 3.10.0-327.10.1.el7.x86_64

Something seemed to have gone wrong, SELinux blocking foreman and puppet
master, I had to disable SELinux:

: Starting Puppet master version 3.8.6
: Failed to submit 'replace facts' command for w-mpo-03.int.m-box.de to
PuppetDB at foreman.int.m-box.de:8081: Connection refused - connect(2)
: /etc/selinux/targeted/contexts/files/file_contexts: invalid context
system_u:object_r:puppet_etc_t:s0
: /etc/selinux/targeted/contexts/files/file_contexts: invalid context
system_u:object_r:puppet_etc_t:s0
: /etc/selinux/targeted/contexts/files/file_contexts: invalid context
system_u:object_r:puppet_etc_t:s0
: /etc/selinux/targeted/contexts/files/file_contexts: invalid context
system_u:object_r:puppet_etc_t:s0
(etc. pp.)

The relevant selinux packages installed:
libselinux-utils-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64
selinux-policy-targeted-3.13.1-60.el7_2.3.noarch
libselinux-ruby-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
foreman-selinux-1.10.2-1.el7.noarch
selinux-policy-3.13.1-60.el7_2.3.noarch

The installer causes errors, apparently packages have been renamed, now
ruby193-rubygem-passenger40-xx

Execution of '/usr/bin/yum -d 0 -e 0 -y list
ruby193-rubygem-passenger-native' returned 1: Error: No matching
Packages to list
/Stage[main]/Foreman::Install/Package[ruby193-rubygem-passenger-native]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list ruby193-rubygem-passenger-native' returned 1: Error: No matching Packages to list

[root@foreman ~]# yum search ruby193-rubygem-passenger
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile

* base: ftp.wrz.de
* epel: mirrors.coreix.net
* extras: mirror.cuegee.de
* updates: centosmirror.netcup.net
================================================== N/S matched:
ruby193-rubygem-passenger ==================================================
ruby193-rubygem-passenger40-debuginfo.x86_64 : Debug information for
package ruby193-rubygem-passenger40
ruby193-rubygem-passenger40.x86_64 : Passenger Ruby web application server
ruby193-rubygem-passenger40-devel.x86_64 : Apache Module for Phusion
Passenger
ruby193-rubygem-passenger40-doc.noarch : Apache Module for Phusion Passenger
ruby193-rubygem-passenger40-native.x86_64 : Phusion Passenger native
extensions
ruby193-rubygem-passenger40-native-libs.x86_64 : Phusion Passenger
native extensions

Further, I had to remove tfm-rubygem-foreman_cockpit, as it was causing
connection errors:

2016-03-07 19:40:34 [app] [I] Rendered hosts/show.html.erb within
layouts/application (307.5ms)
2016-03-07 19:40:34 [app] [W] Action failed
> Errno::EACCES: Permission denied - connect(2)

> Hello,
>
> I've just now updated to F1.10.2 from 1.10.1. My foreman host runs
> CentOS7.2, 3.10.0-327.10.1.el7.x86_64
>
> Something seemed to have gone wrong, SELinux blocking foreman and puppet
> master, I had to disable SELinux:
>
> : Starting Puppet master version 3.8.6
> : Failed to submit 'replace facts' command for w-mpo-03.int.m-box.de to
> PuppetDB at foreman.int.m-box.de:8081: Connection refused - connect(2)

This looks more like the PuppetDB service isn't running, since SELinux
would give a permission denied error (e.g. the cockpit one later on).
If you have SELinux denials they should also be logged as AVCs in
/var/log/audit/audit.log, which gives the debug info we'd need to help
further.

There is a bit of Puppet related policy in foreman-selinux, but
generally Puppet policy shouldn't be provided by the Foreman project…
so nothing's provided by us to permit connections from Puppet to PuppetDB.

If you're running Passenger then the passenger_can_connect_all boolean
could be enabled to allow connections to anything, including PuppetDB.

> The installer causes errors, apparently packages have been renamed, now
> ruby193-rubygem-passenger40-xx
>
> Execution of '/usr/bin/yum -d 0 -e 0 -y list
> ruby193-rubygem-passenger-native' returned 1: Error: No matching
> Packages to list
> /Stage[main]/Foreman::Install/Package[ruby193-rubygem-passenger-native]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list ruby193-rubygem-passenger-native' returned 1: Error: No matching Packages to list

This is from 1.9 to 1.10, the package is now
tfm-rubygem-passenger-native. On a major upgrade the installer answers
aren't updated, so you could pass
--foreman-passenger-ruby-package=tfm-rubygem-passenger-native to the
installer command to change it.

> [root@foreman ~]# yum search ruby193-rubygem-passenger
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> * base: ftp.wrz.de
> * epel: mirrors.coreix.net
> * extras: mirror.cuegee.de
> * updates: centosmirror.netcup.net
> ================================================== N/S matched:
> ruby193-rubygem-passenger ==================================================
> ruby193-rubygem-passenger40-debuginfo.x86_64 : Debug information for
> package ruby193-rubygem-passenger40
> ruby193-rubygem-passenger40.x86_64 : Passenger Ruby web application server
> ruby193-rubygem-passenger40-devel.x86_64 : Apache Module for Phusion
> Passenger
> ruby193-rubygem-passenger40-doc.noarch : Apache Module for Phusion Passenger
> ruby193-rubygem-passenger40-native.x86_64 : Phusion Passenger native
> extensions
> ruby193-rubygem-passenger40-native-libs.x86_64 : Phusion Passenger
> native extensions

These passenger40 packages aren't ours, they're from SCL projects.
They're not needed to run Foreman.

> Further, I had to remove tfm-rubygem-foreman_cockpit, as it was causing
> connection errors:
>
> 2016-03-07 19:40:34 [app] [I] Rendered hosts/show.html.erb within
> layouts/application (307.5ms)
> 2016-03-07 19:40:34 [app] [W] Action failed
> > Errno::EACCES: Permission denied - connect(2)

This looks more like SELinux, which won't permit connections from
Foreman to these hosts by default. You could enable the boolean I
mentioned above or add extra policy (audit2allow?) to permit this.

It would be worth filing a bug with the foreman_cockpit or
foreman-selinux projects to add a boolean to allow these connections.

On 07/03/16 19:00, Daniel Helgenberger wrote:


Dominic Cleal
dominic@cleal.org

>> Hello,
>>
>> I've just now updated to F1.10.2 from 1.10.1. My foreman host runs
>> CentOS7.2, 3.10.0-327.10.1.el7.x86_64
>>
>> Something seemed to have gone wrong, SELinux blocking foreman and puppet
>> master, I had to disable SELinux:
>>
>> : Starting Puppet master version 3.8.6
>> : Failed to submit 'replace facts' command for w-mpo-03.int.m-box.de to
>> PuppetDB at foreman.int.m-box.de:8081: Connection refused - connect(2)
>
> This looks more like the PuppetDB service isn't running, since SELinux
> would give a permission denied error (e.g. the cockpit one later on).
> If you have SELinux denials they should also be logged as AVCs in
> /var/log/audit/audit.log, which gives the debug info we'd need to help
> further.

Thanks for helping out.

I've attached audit2why.txt - examples are:
type=AVC msg=audit(1457307116.531:554808): avc: denied { getattr } for
pid=22010 comm="ruby" path="/usr/sbin/dmidecode" dev="sda3" ino=7149843
scontext=system_u:system_r:passenger_t:s0
tcontext=system_u:object_r:dmidecode_exec_t:s0 tclass=file

type=AVC msg=audit(1457371704.867:564261): avc: denied { unlink } for
pid=4421 comm="ruby" name="preloader.4421" dev="tmpfs" ino=59232600
scontext=system_u:system_r:passenger_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1457370663.383:563993): avc: denied { write } for
pid=2581 comm="httpd" name="request" dev="tmpfs" ino=57659158
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file

>
> There is a bit of Puppet related policy in foreman-selinux, but
> generally Puppet policy shouldn't be provided by the Foreman project…
> so nothing's provided by us to permit connections from Puppet to PuppetDB.
>
> If you're running Passenger then the passenger_can_connect_all boolean
> could be enabled to allow connections to anything, including PuppetDB.

PuppetDB is running, passenger related bools:

getsebool -a|grep passenger

passenger_can_connect_all --> on
passenger_can_connect_docker_tcp --> on
passenger_can_connect_docker_unix --> on
passenger_can_connect_ldap --> on
passenger_can_connect_libvirt --> on
passenger_can_connect_openstack --> on
passenger_can_connect_smtp --> on
passenger_can_spawn_ssh --> on
passenger_run_foreman --> on
passenger_run_puppetmaster --> on

>
>> The installer causes errors, apparently packages have been renamed, now
>> ruby193-rubygem-passenger40-xx
>>
>> Execution of '/usr/bin/yum -d 0 -e 0 -y list
>> ruby193-rubygem-passenger-native' returned 1: Error: No matching
>> Packages to list
>> /Stage[main]/Foreman::Install/Package[ruby193-rubygem-passenger-native]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y list ruby193-rubygem-passenger-native' returned 1: Error: No matching Packages to list
>
> This is from 1.9 to 1.10, the package is now
> tfm-rubygem-passenger-native. On a major upgrade the installer answers
> aren't updated, so you could pass
> --foreman-passenger-ruby-package=tfm-rubygem-passenger-native to the
> installer command to change it.
>
>> [root@foreman ~]# yum search ruby193-rubygem-passenger
>> Loaded plugins: fastestmirror
>> Loading mirror speeds from cached hostfile
>> * base: ftp.wrz.de
>> * epel: mirrors.coreix.net
>> * extras: mirror.cuegee.de
>> * updates: centosmirror.netcup.net
>> ================================================== N/S matched:
>> ruby193-rubygem-passenger ==================================================
>> ruby193-rubygem-passenger40-debuginfo.x86_64 : Debug information for
>> package ruby193-rubygem-passenger40
>> ruby193-rubygem-passenger40.x86_64 : Passenger Ruby web application server
>> ruby193-rubygem-passenger40-devel.x86_64 : Apache Module for Phusion
>> Passenger
>> ruby193-rubygem-passenger40-doc.noarch : Apache Module for Phusion Passenger
>> ruby193-rubygem-passenger40-native.x86_64 : Phusion Passenger native
>> extensions
>> ruby193-rubygem-passenger40-native-libs.x86_64 : Phusion Passenger
>> native extensions
>
> These passenger40 packages aren't ours, they're from SCL projects.
> They're not needed to run Foreman.
>
>> Further, I had to remove tfm-rubygem-foreman_cockpit, as it was causing
>> connection errors:
>>
>> 2016-03-07 19:40:34 [app] [I] Rendered hosts/show.html.erb within
>> layouts/application (307.5ms)
>> 2016-03-07 19:40:34 [app] [W] Action failed
>> > Errno::EACCES: Permission denied - connect(2)
>
> This looks more like SELinux, which won't permit connections from
> Foreman to these hosts by default. You could enable the boolean I
> mentioned above or add extra policy (audit2allow?) to permit this.
>
> It would be worth filing a bug with the foreman_cockpit or
> foreman-selinux projects to add a boolean to allow these connections.

Hm, SELinux was already disabled at this time. Enabling SELinux
currently breaks foreman altogether as I get an HTTP/500

audit2why.txt.xz (8.28 KB)

On 08.03.2016 13:52, Dominic Cleal wrote:
> On 07/03/16 19:00, Daniel Helgenberger wrote:


Daniel Helgenberger (helge000)
daniel@helgenberger.net
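
The AVC records quoted in this thread can be triaged by grouping them by source domain, target type and object class. This is an added example, not part of either poster's message or of Foreman. It also flags outbound TCP connection denials, which SELinux logs as `name_connect` on `tclass=tcp_socket`. The function names and the constructed record with its made-up `example_port_t` type are assumptions for illustration.

```python
import re
from collections import defaultdict

# The three AVC records posted in the thread, rejoined onto single lines.
SAMPLE_AUDIT_LOG = (
    'type=AVC msg=audit(1457307116.531:554808): avc: denied { getattr } for '
    'pid=22010 comm="ruby" path="/usr/sbin/dmidecode" dev="sda3" ino=7149843 '
    'scontext=system_u:system_r:passenger_t:s0 '
    'tcontext=system_u:object_r:dmidecode_exec_t:s0 tclass=file\n'
    'type=AVC msg=audit(1457371704.867:564261): avc: denied { unlink } for '
    'pid=4421 comm="ruby" name="preloader.4421" dev="tmpfs" ino=59232600 '
    'scontext=system_u:system_r:passenger_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file\n'
    'type=AVC msg=audit(1457370663.383:563993): avc: denied { write } for '
    'pid=2581 comm="httpd" name="request" dev="tmpfs" ino=57659158 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file\n'
)

# Constructed record (not from the thread): the shape of a blocked outbound
# TCP connection. "example_port_t" is a made-up type name for illustration.
CONSTRUCTED_CONNECT_DENIAL = (
    'type=AVC msg=audit(0.000:1): avc: denied { name_connect } for '
    'pid=1 comm="ruby" dest=12345 '
    'scontext=system_u:system_r:passenger_t:s0 '
    'tcontext=system_u:object_r:example_port_t:s0 tclass=tcp_socket\n'
)

# audit.log pads with extra spaces, so whitespace is matched loosely.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of user:role:type[:level], or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial line into a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    source = selinux_type(fields.get("scontext", ""))
    target = selinux_type(fields.get("tcontext", ""))
    tclass = fields.get("tclass")
    if not (source and target and tclass):
        return None
    return {"perms": m.group("perms").split(), "comm": fields.get("comm"),
            "source": source, "target": target, "tclass": tclass}


def summarize(log_text):
    """Map (source domain, target type, class) to the sorted denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source"], rec["target"], rec["tclass"])
            grouped[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}


def connect_denials(log_text):
    """Return the groups that are outbound TCP connection denials."""
    return [key for key, perms in summarize(log_text).items()
            if key[2] == "tcp_socket" and "name_connect" in perms]


if __name__ == "__main__":
    for (source, target, tclass), perms in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"{source} -> {target} [{tclass}]: {', '.join(perms)}")
    print("connect denials:", connect_denials(SAMPLE_AUDIT_LOG))
```
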