Hi Adam,

thanks for the hint, I'll try this as well.

Regards Thomas

2016-09-12 9:12 GMT+02:00 Adam Ruzicka <aruzi...@redhat.com>:

> Hi,
>
> Set selinux to permissive solved the problem.
>
>
> Disabling SELinux solves the issue, however there are more sophisticated
> ways of dealing with this. The root cause is SELinux not allowing the web
> server process to open outgoing connections to ports not marked as
> http_port_t. If you don't care about SELinux at all and you're ok with
> having it set to permissive, feel free to stop reading here.
>
> You could either allow it to open outgoing connections anywhere by setting
> a SELinux bool
> setsebool -P httpd_can_network_connect 1
>
> Or by marking the docker port as http_port_t
> semanage port -a -t http_port_t -p tcp $DOCKER_PORT
>
> Adam
>
> On Thu, Sep 8, 2016 at 5:54 PM, Thomas Bendler <thomas.bend...@gmail.com>
> wrote:
>
>> Hi Adam,
>>
>> thanks a lot, this was indeed the problem. Set selinux to permissive
>> solved the problem.
>>
>> Regards Thomas
>>
>> 2016-09-08 11:07 GMT+02:00 Adam Ruzicka <aruzi...@redhat.com>:
>>
>>> Hello,
>>> it might be a SELinux issue. Could you check /var/log/audit/audit.log
>>> for lines containing the port number? If it is a SELinux issue you should
>>> see something like this there
>>>
>>> type=AVC msg=audit(1473324981.209:1007): avc:  denied  { name_connect }
>>> for  pid=4380 comm="diagnostic_con*" dest=4243
>>> scontext=system_u:system_r:passenger_t:s0 
>>> tcontext=system_u:object_r:unreserved_port_t:s0
>>> tclass=tcp_socket
>>>
>>>
>>> Adam
>>>
>>> On Thu, Sep 8, 2016 at 10:43 AM, Thomas Bendler <
>>> thomas.bend...@gmail.com> wrote:
>>>
>>>> Hi @all,
>>>>
>>>> I try to setup the docker plugin on foreman but didn't get it up and
>>>> running so far. I have two CentOS 7 boxes, one running foreman and one
>>>> running docker. I've modified the docker sysconfig file to start docker
>>>> with the remote API:
>>>>
>>>> thbe@docker1.domain.local ~$ curl -XGET http://localhost:4243/version
>>>>
>>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64
>>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd
>>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime"
>>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-
>>>> common-1.10.3-46.el7.centos.10.x86_64"}
>>>>
>>>> thbe@docker1.domain.local ~$
>>>>
>>>> [...]
>>>>
>>>> thbe@manage1.domain.local ~$ curl -XGET http://docker1.domain.local:42
>>>> 43/version
>>>>
>>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64
>>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd
>>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime"
>>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-
>>>> common-1.10.3-46.el7.centos.10.x86_64"}
>>>>
>>>> thbe@manage1.domain.local ~$
>>>>
>>>> It work from the docker host and the foreman host, so far so good.
>>>> Checking if additional operations work looks also good:
>>>>
>>>> thbe@manage1.domain.local ~$ curl -XPOST http://docker1.domain.local:42
>>>> 43/images/create?fromImage=centos:7
>>>>
>>>> {"status":"Trying to pull repository docker.io/library/centos ... "}
>>>>
>>>> {"status":"Pulling from docker.io/library/centos","id":"7"}
>>>>
>>>> {"status":"Pulling fs layer","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Downloading","progressDetail":{"current":526329,"
>>>> total":70591526},"progress":"[\u003e
>>>>                 ] 526.3 kB/70.59 MB","id":"8d30e94188e7"}
>>>>
>>>> [...]
>>>>
>>>> {"status":"Extracting","progressDetail":{"current":70591526,
>>>> "total":70591526},"progress":"[==================================================\u003e]
>>>> 70.59 MB/70.59 MB","id":"8d30e94188e7"}
>>>>
>>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Digest: sha256:2ae0d2c881c7123870114fb
>>>> 9cc7afabd1e31f9888dac8286884f6cf59373ed9b"}
>>>>
>>>> {"status":"Status: Downloaded newer image for docker.io/centos:7"}
>>>>
>>>> thbe@manage1.domain.local ~$
>>>>
>>>> But when I create the compute resource in foreman (without
>>>> user/password/email), I get:
>>>>
>>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>>
>>>> ​If I use my Docker Hub credentials for user/password/email, I got the
>>>> same error:
>>>>
>>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>>
>>>> Anyone any idea how can fix this?​
>>>>
>>>> ​Regards Thomas​
>>>> --
>>>> Linux ... enjoy the ride!
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Foreman users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to foreman-users+unsubscr...@googlegroups.com.
>>>> To post to this group, send email to foreman-users@googlegroups.com.
>>>> Visit this group at https://groups.google.com/group/foreman-users.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to foreman-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to foreman-users@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Linux ... enjoy the ride!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Foreman users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to foreman-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/foreman-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to