RedHat Satellite update fails due to Selinux issue

Solution Verified - Updated -

Environment

  • Satellite 6.11, 6.12

Issue

  • While updating satellite its failing with below error:

    [ERROR ] [configure] /Stage[main]/Candlepin::Artemis/Selboolean[candlepin_can_bind_activemq_port]: Could not evaluate: Execution of '/usr/sbin/getsebool candlepin_can_bind_activemq_port' returned 255: Error getting active value for candlepin_can_bind_activemq_port

Resolution

  • Perform the following steps after taking healthy Snapshot\backup of server.

    1. Remove pcp-selinux
    # dnf remove pcp-selinux
    1. Stop all services
    # satellite-maintain service stop
    1. Be on permissive mode
    # setenforce 0
    1. Reinstall the foreman-selinux katello-selinux pulpcore-selinux candlepin-selinux and ensure there are no issues.
    # dnf reinstall foreman-selinux katello-selinux pulpcore-selinux candlepin-selinux --disableplugin=foreman- 
protector
    1. Start back the services
    # satellite-maintain service restart

Root Cause

  • Selinux was disabled when satellite was first installed and later it was enabled during upgrade.

Diagnostic Steps

  • For additional reference refer below article
    1358393

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments