Actions
Bug #20263
closed
Missing SELinux rules for httpd on RockyLinux
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Small
Priority:
87
Name check:
To do
Fix check:
Checked
Regression:
Description
I tried to install a rudder server on a RockyLinux, it seems to work well but some SELinux rules are missing after the install and it blocks the inventories reception.
Error on the agent:
[root@agent1 ~]# rudder agent inventory
Rudder agent 6.2.10.release
Node uuid: 0b7a7887-567d-4c6f-ac0a-37ec5293e1da
M| State Technique Component Key Message
E| compliant Common Compute inventory splay Scheduling rudder_run_inventory was correct
Start execution with config [0]
error: Finished command related to promiser '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.*' -- an error occurred, returned 22
error: Transformer '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.sign' => '/usr/bin/curl --tlsv1.2 --location --insecure --fail --silent --proxy '' --user rudder:rudder --upload-file /var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.sign https://server/inventories/' returned error
error: Finished command related to promiser '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.*' -- an error occurred, returned 22
error: Transformer '/var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz' => '/usr/bin/curl --tlsv1.2 --location --insecure --fail --silent --proxy '' --user rudder:rudder --upload-file /var/rudder/inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz https://server/inventories/' returned error
E| error Inventory inventory Could not send the inventory
info Rudder agent was run on a subset of policies - not all policies were checked
## Summary #####################################################################
2 components verified in 4 directives
=> 2 components in Enforce mode
-> 1 compliant
-> 1 error
Execution time: 5.63s
################################################################################
On the apache log in trace mode:
[Mon Nov 15 14:55:57.065704 2021] [rewrite:trace1] [pid 27392:tid 139934463620864] mod_rewrite.c(482): [client 192.168.3.3:55720] 192.168.3.3 - - [server/sid#55fd7f105cd0][rid#7f45100499e0/initial] pass through /inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz [Mon Nov 15 14:55:57.068923 2021] [dav:error] [pid 27392:tid 139934463620864] [client 192.168.3.3:55720] Unable to PUT new contents for /inventories/agent1-0b7a7887-567d-4c6f-ac0a-37ec5293e1da.ocs.gz. [403, #0] [Mon Nov 15 14:55:57.068934 2021] [dav:error] [pid 27392:tid 139934463620864] (13)Permission denied: [client 192.168.3.3:55720] An error occurred while opening a resource. [500, #0]
Updated by 
Updated by
Actions