Hi,

Setting SELinux to permissive solved the problem.


Disabling SELinux solves the issue, however there are more sophisticated
ways of dealing with this. The root cause is SELinux not allowing the web
server process to open outgoing connections to ports not marked as
http_port_t. If you don't care about SELinux at all and you're ok with
having it set to permissive, feel free to stop reading here.

You could either allow it to open outgoing connections anywhere by setting
a SELinux bool:

    setsebool -P httpd_can_network_connect 1

Or by marking the docker port as http_port_t:

    semanage port -a -t http_port_t -p tcp $DOCKER_PORT

Adam
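
Added example (not part of the original message): a shell filter that pulls denied name_connect records out of audit.log output and prints, for each denied port, the port-scoped semanage command from the message above rather than the host-wide boolean. The function names are hypothetical, and the second and third sample records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: the first record is the AVC line quoted in this
# thread, the other two are made up to exercise de-duplication and filtering.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1473324981.209:1007): avc:  denied  { name_connect } for  pid=4380 comm="diagnostic_con*" dest=4243 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1473324990.100:1010): avc:  denied  { name_connect } for  pid=4381 comm="diagnostic_con*" dest=4243 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1473325000.000:1011): avc:  denied  { read } for  pid=500 comm="cat" name="shadow" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print one "port domain port_type" line per
# distinct denied outgoing TCP connect. Non-network denials are ignored.
denied_connects() {
    awk '
    /type=AVC/ && /denied/ && /name_connect/ && /tclass=tcp_socket/ {
        port = ""; dom = ""; ptype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dest=/)     { port = substr($i, 6) }
            if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); dom = s[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ptype = t[3] }
        }
        # Only accept numeric ports; report each (port, domain) pair once.
        if (port ~ /^[0-9]+$/ && !seen[port " " dom]++) print port, dom, ptype
    }'
}

# For each denial, print the narrow remediation: relabel only that port as
# http_port_t (the type named in the message), leaving the boolean off.
suggest_port_fixes() {
    denied_connects | while read -r port dom ptype; do
        echo "# $dom denied connect to tcp/$port (labelled $ptype)"
        echo "semanage port -a -t http_port_t -p tcp $port"
    done
}

sample_audit_log | suggest_port_fixes
```

On a real host, feed it /var/log/audit/audit.log instead of the sample and review each suggested port before running the command.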

On Thu, Sep 8, 2016 at 5:54 PM, Thomas Bendler <thomas.bend...@gmail.com>
wrote:

> Hi Adam,
>
> thanks a lot, this was indeed the problem. Setting SELinux to permissive
> solved the problem.
>
> Regards Thomas
>
> 2016-09-08 11:07 GMT+02:00 Adam Ruzicka <aruzi...@redhat.com>:
>
>> Hello,
>> it might be a SELinux issue. Could you check /var/log/audit/audit.log for
>> lines containing the port number? If it is a SELinux issue you should see
>> something like this there
>>
>> type=AVC msg=audit(1473324981.209:1007): avc:  denied  { name_connect } for  pid=4380 comm="diagnostic_con*" dest=4243 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
>>
>>
>> Adam
>>
>> On Thu, Sep 8, 2016 at 10:43 AM, Thomas Bendler <thomas.bend...@gmail.com> wrote:
>>
>>> Hi @all,
>>>
>>> I try to set up the docker plugin on foreman but didn't get it up and
>>> running so far. I have two CentOS 7 boxes, one running foreman and one
>>> running docker. I've modified the docker sysconfig file to start docker
>>> with the remote API:
>>>
>>> thbe@docker1.domain.local ~$ curl -XGET http://localhost:4243/version
>>>
>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64-unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime":"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-common-1.10.3-46.el7.centos.10.x86_64"}
>>>
>>> thbe@docker1.domain.local ~$
>>>
>>> [...]
>>>
>>> thbe@manage1.domain.local ~$ curl -XGET http://docker1.domain.local:4243/version
>>>
>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64-unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime":"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-common-1.10.3-46.el7.centos.10.x86_64"}
>>>
>>> thbe@manage1.domain.local ~$
>>>
>>> It works from the docker host and the foreman host, so far so good.
>>> Checking if additional operations work looks also good:
>>>
>>> thbe@manage1.domain.local ~$ curl -XPOST http://docker1.domain.local:4243/images/create?fromImage=centos:7
>>>
>>> {"status":"Trying to pull repository docker.io/library/centos ... "}
>>>
>>> {"status":"Pulling from docker.io/library/centos","id":"7"}
>>>
>>> {"status":"Pulling fs layer","progressDetail":{},"id":"8d30e94188e7"}
>>>
>>> {"status":"Downloading","progressDetail":{"current":526329,"
>>> total":70591526},"progress":"[\u003e
>>>               ] 526.3 kB/70.59 MB","id":"8d30e94188e7"}
>>>
>>> [...]
>>>
>>> {"status":"Extracting","progressDetail":{"current":70591526,"total":70591526},"progress":"[==================================================\u003e] 70.59 MB/70.59 MB","id":"8d30e94188e7"}
>>>
>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>
>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>
>>> {"status":"Digest: sha256:2ae0d2c881c7123870114fb9cc7afabd1e31f9888dac8286884f6cf59373ed9b"}
>>>
>>> {"status":"Status: Downloaded newer image for docker.io/centos:7"}
>>>
>>> thbe@manage1.domain.local ~$
>>>
>>> But when I create the compute resource in foreman (without
>>> user/password/email), I get:
>>>
>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>
>>> If I use my Docker Hub credentials for user/password/email, I got the
>>> same error:
>>>
>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>
>>> Does anyone have any idea how I can fix this?
>>>
>>> Regards Thomas
>>> --
>>> Linux ... enjoy the ride!
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to foreman-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to foreman-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>
>
>
> --
> Linux ... enjoy the ride!
>
>
