Added
http://tracker.ceph.com/issues/40743 ""SELinux denials found" in
ceph-deploy/nautilus"
On Thu, Jul 11, 2019 at 2:21 PM Sage Weil <sweil(a)redhat.com> wrote:
>
> On Wed, 10 Jul 2019, Yuri Weinstein wrote:
> > ceph-volume PASSED (thx Andrew!)
> > ceph-deploy is deferred ?
>
> The first problem is that the teuthology ceph_deploy.py task was using
> ceph-create-keys, which is gone in nautilus. Fix:
>
>
https://github.com/ceph/ceph/pull/29002
>
> which should get backported to nautilus. With that change, my test run is
> hitting other problems, but they seem unrelated... an selinux denial, and
> a py2/py3 thing:
>
> 2019-07-11T17:10:47.277
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] Traceback (most recent
call last):
> 2019-07-11T17:10:47.277
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] File
"/home/ubuntu/cephtest/ceph-deploy/ceph_deploy/util/decorators.py", line 69, in
newfunc
> 2019-07-11T17:10:47.277
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] return f(*a, **kw)
> 2019-07-11T17:10:47.277
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] File
"/home/ubuntu/cephtest/ceph-deploy/ceph_deploy/cli.py", line 166, in _main
> 2019-07-11T17:10:47.278
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] return
args.func(args)
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] File
"/home/ubuntu/cephtest/ceph-deploy/ceph_deploy/new.py", line 145, in new
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] remote_ips =
net.ip_addresses(distro.conn)
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] File
"/home/ubuntu/cephtest/ceph-deploy/ceph_deploy/util/net.py", line 84, in
ip_addresses
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] ifaces =
linux_interfaces(conn)
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] File
"/home/ubuntu/cephtest/ceph-deploy/ceph_deploy/util/net.py", line 168, in
linux_interfaces
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] ifaces =
_interfaces_ip(b'\n'.join(cmd1).decode('utf-8') + '\n' +
> 2019-07-11T17:10:47.279
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ] TypeError: sequence
item 0: expected a bytes-like object, str found
> 2019-07-11T17:10:47.280
INFO:teuthology.orchestra.run.mira063.stderr:[ceph_deploy][ERROR ]
>
> ...but only on ubuntu 18.04; centos 7.6 hits the selinux thing instead.
>
> see
http://pulpito.ceph.com/sage-2019-07-11_16:58:04-ceph-deploy-master-distro-…
>
> Anyway, I think the only concern is whether the selinux denial is
> a problem for 14.2.2:
>
> SELinux denials found on ubuntu(a)mira111.front.sepia.ceph.com: ['type=AVC
> msg=audit(1562873206.107:6783): avc: denied { getattr } for pid=27073
> comm="fn_anonymous" path="/run/udev/data/b8:16"
dev="tmpfs" ino=171147
> scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873121.637:6464): avc: denied { getattr } for
> pid=25719 comm="ms_dispatch" path="/proc/kcore"
dev="proc" ino=4026532068
> scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873206.107:6782): avc: denied { read } for
> pid=27073 comm="fn_anonymous" name="b8:16" dev="tmpfs"
ino=171147
> scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873220.884:6841): avc: denied { open } for
> pid=27750 comm="fn_anonymous" path="/run/udev/data/b8:48"
dev="tmpfs"
> ino=169443 scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873132.862:6512): avc: denied { getattr } for
> pid=25719 comm="ms_dispatch" path="/proc/kcore"
dev="proc" ino=4026532068
> scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873220.884:6841): avc: denied { read } for
> pid=27750 comm="fn_anonymous" name="b8:48" dev="tmpfs"
ino=169443
> scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873220.885:6842): avc: denied { getattr } for
> pid=27750 comm="fn_anonymous" path="/run/udev/data/b8:48"
dev="tmpfs"
> ino=169443 scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1',
> 'type=AVC msg=audit(1562873206.107:6782): avc: denied { open } for
> pid=27073 comm="fn_anonymous" path="/run/udev/data/b8:16"
dev="tmpfs"
> ino=171147 scontext=system_u:system_r:ceph_t:s0
> tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=1']
>
> ?
> sage
>
>
> > > Sage, 14.2.2 is ready for your approval. > Nathan, David FYI > >
> > On Wed, Jul 10, 2019 at 12:33 PM Yuri Weinstein <yweinste(a)redhat.com>
wrote:
> > >
> > > In short - two outstanding issues: ceph-voliume and ceph-deploy
> > > ============================
> > > Status update and outstanding issues:
> > >
> > > rados - PASSED
> > > rgw - Casey approved
> > > rbd - Jason approved
> > > krbd - Ilya approved
> > > fs - Patrick approved
> > > kcephfs - Patrick approved
> > > multimds - Patrick approved
> > >
> > > ceph-deploy - FAILED Sage is looking
> > >
> > > upgrade/client-upgrade-hammer (nautilus) - PASSED
> > > upgrade/client-upgrade-jewel (nPASSED on Casey's fixautilus) - PASSED
> > > upgrade/client-upgrade-mimic (nautilus) - PASSED
> > >
> > > upgrade/luminous-p2p - PASSED on Casey's fix
> > >
> > > powercycle - PASSED
> > >
> > > ceph-ansible - PASSED on Brad's fix (one job failed seems in infra,
Brad FYI)
> > > upgrade/luminous-x (nautilus) - PASSED on Casey's fix
> > > upgrade/mimic-x (nautilus) - PASSED on Casey's fix
> > >
> > > ceph-volume - FAILED, Alfredo, Andrew fixing.
> > > (
> > > several ceph-volume relatedcommits were added:
> > > 305527f38f86cb7c850b21e042a6336fbc90749a
> > > 7c292056473a3085a662699e268773d1e06e9e0a
> > > c12a9eace2a129c617fa602685f13828d8646895
> > > b38a0ce96ae1c69723757e4cbefedd0ab5485b95
> > > d2c53596c96d53edb3968fdaed2ad26f4c9003df
> > > a2fbaea6a98a7604f66a265399b69ce8c501a7e5
> > > 6e9f39bad46c0c93ec91ab56d0b86b8bffb0bc3a
> > > )
> > _______________________________________________
> > Dev mailing list -- dev(a)ceph.io
> > To unsubscribe send an email to dev-leave(a)ceph.io
> >
> >