Wind River Support Network

Fixed

OVP-981 : engine-setup fails to configure HTTPD because semanage returns non-zero

Created: Jul 28, 2013    Updated: Mar 11, 2016
Resolved Date: Sep 4, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.7
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Problem Description
======================
SELinux is set to Permissive to avoid another engine-setup error when configuring the JVM.
engine-setup then fails to configure HTTPD.

The following error appears in engine-setup-xxx.log:
2013-07-28 09:19:13::DEBUG::setup_sequences::59::root:: running _configureSelinuxBoolean
2013-07-28 09:19:13::DEBUG::engine-setup::744::root:: Enable httpd_can_network_connect boolean
2013-07-28 09:19:13::DEBUG::common_utils::372::root:: Executing command --> '/usr/sbin/semanage boolean --modify --on httpd_can_network_connect'
2013-07-28 09:19:13::DEBUG::common_utils::410::root:: output = 
2013-07-28 09:19:13::DEBUG::common_utils::411::root:: stderr = /usr/sbin/semanage: Boolean httpd_can_network_connect is not defined

2013-07-28 09:19:13::DEBUG::common_utils::412::root:: retcode = 1
2013-07-28 09:19:13::DEBUG::setup_sequences::62::root:: Traceback (most recent call last):
  File "/usr/share/ovirt-engine/scripts/setup_sequences.py", line 60, in run
    function()
  File "/usr/bin/engine-setup", line 752, in _configureSelinuxBoolean
    out, rc = utils.execCmd(cmdList=cmd, failOnError=True, msg=output_messages.ERR_FAILED_UPDATING_SELINUX_BOOLEAN)
  File "/usr/share/ovirt-engine/scripts/common_utils.py", line 415, in execCmd
    raise Exception(msg)
Exception: Failed to enable SELinux boolean

Expected Behavior
======================
oVirt engine setup succeeds.

Observed Behavior
======================
Can't configure HTTPD for oVirt engine.

Logs
======================
The console output:
root@localhost:~# engine-setup 
Welcome to oVirt Engine setup utility
oVirt Engine uses httpd to proxy requests to the application server.
It looks like the httpd installed locally is being actively used.
The installer can override current configuration .
Alternatively you can use JBoss directly (on ports higher than 1024)
Do you wish to override current httpd configuration and restart the service? ['yes'| 'no']  [yes] : yes
HTTP Port  [80] : 
HTTPS Port  [443] : 
Host fully qualified domain name. Note: this name should be fully resolvable  [localhost.localdomain] : pek-ovirt-engine.wrs.com
Enter a password for an internal oVirt Engine administrator user (admin@internal) :
Warning: Weak Password.
Confirm password :
Organization Name for the Certificate  [localdomain] : wrs.com
The engine can be configured to present the UI in three different application modes. virt [Manage virtualization only], gluster [Manage gluster storage only], and both [Manage virtualization as well as gluster storage] ['virt'| 'gluster'| 'both']  [both] : 
The default storage type you will be using  ['NFS'| 'FC'| 'ISCSI'| 'POSIXFS']  [NFS] : 
Enter DB type for installation ['remote'| 'local']  [local] : 
Enter a password for a local oVirt Engine DB admin user (engine) :
Warning: Weak Password.
Confirm password :
Local ISO domain path  [/var/lib/exports/iso] : /exports/iso
Firewall ports need to be opened.
The installer can configure firewall automatically overriding the current configuration. The old configuration will be backed up.
Alternately you can configure the firewall later using an example file. 
Which firewall do you wish to configure? ['None']: none
Configure VDSM on this host? ['yes'| 'no']  [yes] : no

oVirt Engine will be installed using the following configuration:
=================================================================
override-httpd-config:         yes
http-port:                     80
https-port:                    443
host-fqdn:                     pek-ovirt-engine.wrs.com
auth-pass:                     ********
org-name:                      wrs.com
application-mode:              both
default-dc-type:               NFS
db-remote-install:             local
db-local-pass:                 ********
nfs-mp:                        /exports/iso
override-firewall:             none
config-allinone:               no
Proceed with the configuration listed above? (yes|no): yes

Installing:
Configuring oVirt Engine...                                       [ DONE ]
Configuring JVM...                                                [ DONE ]
Creating CA...                                                    [ DONE ]
Updating ovirt-engine service...                                  [ DONE ]
Setting Database Configuration...                                 [ DONE ]
Setting Database Security...                                      [ DONE ]
Creating Database...                                              [ DONE ]
Updating the Default Data Center Storage Type...                  [ DONE ]
Editing oVirt Engine Configuration...                             [ DONE ]
Editing Postgresql Configuration...                               [ DONE ]
Configuring the Default ISO Domain...                             [ DONE ]
Configuring Firewall...                                           [ DONE ]
Starting ovirt-engine Service...                                  [ DONE ]
Configuring HTTPD...                                           [ ERROR ]
Failed to enable SELinux boolean
Please check log file /var/log/ovirt-engine/engine-setup_2013_07_28_09_16_53.log for more information

Misc Info 
======================
engine-setup should succeed whether SELinux is disabled or not.

In wrlinux, semanage always returns 1:
root@localhost:~# setenforce 1
root@localhost:~# getenforce 
Enforcing
root@localhost:~# /usr/sbin/semanage boolean --modify --on httpd_can_network_connect
root@localhost:~# echo $?
1
root@localhost:~# setenforce 0
root@localhost:~# getenforce 
Permissive
root@localhost:~# /usr/sbin/semanage boolean --modify --on httpd_can_network_connect
/usr/sbin/semanage: Boolean httpd_can_network_connect is not defined
root@localhost:~# echo $?
1

But in Fedora, semanage always returns 0:
[root@ovirt-engine ~]# setenforce 1
[root@ovirt-engine ~]# getenforce 
Enforcing
[root@ovirt-engine ~]# /usr/sbin/semanage boolean --modify --on httpd_can_network_connect
[root@ovirt-engine ~]# echo $?
0
[root@ovirt-engine ~]# setenforce 0
[root@ovirt-engine ~]# getenforce 
Permissive
[root@ovirt-engine ~]# /usr/sbin/semanage boolean --modify --on httpd_can_network_connect
[root@ovirt-engine ~]# echo $?
0
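
Added example (not oVirt or Wind River code, and not the fix shipped in 5.0.1.7): a wrapper around the semanage call from the log that separates the three outcomes recorded above instead of raising one generic exception, so the caller can decide what to do when the boolean is absent from the loaded policy. The function names, the status strings and the fake runners are assumptions made for illustration; the fake runners replay the exit codes and stderr text shown in this report.

```python
import subprocess

SEMANAGE = "/usr/sbin/semanage"  # path as it appears in the engine-setup log


def run_cmd(argv):
    """Run argv and return (stdout, stderr, returncode)."""
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.stdout, p.stderr, p.returncode


def enable_selinux_boolean(name, run=run_cmd):
    """Try to enable an SELinux boolean and classify the result.

    Returns (status, detail), where status is one of:
      "enabled"   - semanage exited 0
      "undefined" - semanage reported that the boolean is not defined
      "failed"    - any other non-zero exit, including a silent one
    """
    argv = [SEMANAGE, "boolean", "--modify", "--on", name]
    out, err, rc = run(argv)
    if rc == 0:
        return "enabled", ""
    if "Boolean %s is not defined" % name in err:
        return "undefined", err.strip()
    return "failed", err.strip() or "semanage exited %d with no output" % rc


# Constructed stand-ins that replay the outcomes recorded in this report.
def fake_fedora(argv):
    return "", "", 0


def fake_wrlinux_permissive(argv):
    msg = "/usr/sbin/semanage: Boolean httpd_can_network_connect is not defined\n"
    return "", msg, 1


def fake_wrlinux_enforcing(argv):
    return "", "", 1  # exit code 1 with no message, as in the Enforcing transcript


if __name__ == "__main__":
    for fake in (fake_fedora, fake_wrlinux_permissive, fake_wrlinux_enforcing):
        print(fake.__name__, enable_selinux_boolean("httpd_can_network_connect", run=fake))
```

The "failed" case with empty stderr is the one to log loudly: in the Enforcing transcript semanage gives no reason at all for the exit code 1.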

Steps to Reproduce

Step 1: /buildarea1/product/wrlinux-ovp/wrlinux/configure --enable-board=intel-xeon-core --enable-rootfs=ovp-ovirt-engine --enable-addons=wr-ovp --with-package=wrs-kvm-helper --with-template=feature/openvswitch,feature/vxlan --enable-parallel-pkgbuilds=5 --enable-jobs=5 --with-sstate-dir=/buildarea1/build/PUBLIC_SSTATES/intel-xeon-core
Step 2: make fs
Step 3: Boot intel-xeon-core target
Step 4: On target, run command:
    # setenforce 0
    # engine-setup