Actions
Bug #27254
open
Bug #27156: Do not send CA list on client authentication
Apache refuses to start when /var/rudder/lib/ssl/policy_server.pem is a symlink
Status:
Pending release
Priority:
N/A
Assignee:
Category:
Server components
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
When we try to copy /var/rudder/cfengine-community/inputs/certs/policy-server.pem, which is a symlink, apache refuse to start, telling us that the file does not exist:
Jul 09 12:25:05 server httpd[76973]: AH00526: Syntax error on line 32 of /opt/rudder/etc/rudder-apache-relay-ssl.conf: Jul 09 12:25:05 server httpd[76973]: SSLCADNRequestFile: file '/var/rudder/lib/ssl/policy_server.pem' does not exist or is empty
While:
[root@server vagrant]# ll /var/rudder/lib/ssl/policy_server.pem lrwxrwxrwx. 1 root rudder 8 Jul 9 08:31 /var/rudder/lib/ssl/policy_server.pem -> root.pem [root@server vagrant]# ll /var/rudder/lib/ssl/root.pem -rw-r-----. 1 root rudder 1894 Jul 9 08:35 /var/rudder/lib/ssl/root.pem cat /var/rudder/lib/ssl/policy_server.pem -----BEGIN CERTIFICATE----- MIIFSzCCAzOgAwIBAgIUI5ZJHwI/wFbd9VF4CTMeJ3ChRccwDQYJKoZIhvcNAQEL BQAwFjEUMBIGCgmSJomT8ixkAQEMBHJvb3QwHhcNMjUwNzA5MDgyOTE3WhcNMzUw NzA3MDgyOTE3WjAWMRQwEgYKCZImiZPyLGQBAQwEcm9vdDCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAMKFlne/p6Wo8pCFuRkF7etkDLC0vWqLML5LRF1B 1+1wEdY8Eq/WRTF7wK6SKIRCLLJttsbEVw6zP5lSmTBqQrOYSooWhBFyXmU+SvAL ....
So we need to copy root.pem directly
Files
Updated by François ARMAND 1 day ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND 1 day ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1892
Updated by François ARMAND about 19 hours ago
- Status changed from Pending technical review to In progress
Updated by Nicolas CHARLES about 19 hours ago
the selinux log is
type=AVC msg=audit(1752150940.565:1072): avc: denied { read } for pid=26024 comm="httpd" name="policy_server.pem" dev="sda4" ino=477651 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rudder_relayd_var_lib_t:s0 tclass=lnk_file permissive=0
Updated by Benoît PECCATTE about 17 hours ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to François ARMAND
- Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1892 to https://github.com/Normation/rudder/pull/6514
Updated by Benoît PECCATTE about 16 hours ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|4d891cb773ead9772d5f5358508149ae75931d2f.
Actions