Hi Adam,

thanks for the hint, I'll try this as well.

Regards Thomas

2016-09-12 9:12 GMT+02:00 Adam Ruzicka <[email protected]>:

> Hi,
>
> Set selinux to permissive solved the problem.
>
>
> Disabling SELinux solves the issue, however there are more sophisticated
> ways of dealing with this. The root cause is SELinux not allowing the web
> server process to open outgoing connections to ports not marked as
> http_port_t. If you don't care about SELinux at all and you're ok with
> having it set to permissive, feel free to stop reading here.
>
> You could either allow it to open outgoing connections anywhere by setting
> a SELinux bool
> setsebool -P httpd_can_network_connect 1
>
> Or by marking the docker port as http_port_t
> semanage port -a -t http_port_t -p tcp $DOCKER_PORT
>
> Adam
>
> On Thu, Sep 8, 2016 at 5:54 PM, Thomas Bendler <[email protected]>
> wrote:
>
>> Hi Adam,
>>
>> thanks a lot, this was indeed the problem. Set selinux to permissive
>> solved the problem.
>>
>> Regards Thomas
>>
>> 2016-09-08 11:07 GMT+02:00 Adam Ruzicka <[email protected]>:
>>
>>> Hello,
>>> it might be a SELinux issue. Could you check /var/log/audit/audit.log
>>> for lines containing the port number? If it is a SELinux issue you should
>>> see something like this there
>>>
>>> type=AVC msg=audit(1473324981.209:1007): avc:  denied  { name_connect }
>>> for  pid=4380 comm="diagnostic_con*" dest=4243
>>> scontext=system_u:system_r:passenger_t:s0 
>>> tcontext=system_u:object_r:unreserved_port_t:s0
>>> tclass=tcp_socket
>>>
>>>
>>> Adam
>>>
>>> On Thu, Sep 8, 2016 at 10:43 AM, Thomas Bendler <
>>> [email protected]> wrote:
>>>
>>>> Hi @all,
>>>>
>>>> I try to setup the docker plugin on foreman but didn't get it up and
>>>> running so far. I have two CentOS 7 boxes, one running foreman and one
>>>> running docker. I've modified the docker sysconfig file to start docker
>>>> with the remote API:
>>>>
>>>> [email protected] ~$ curl -XGET http://localhost:4243/version
>>>>
>>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64
>>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd
>>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime"
>>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-
>>>> common-1.10.3-46.el7.centos.10.x86_64"}
>>>>
>>>> [email protected] ~$
>>>>
>>>> [...]
>>>>
>>>> [email protected] ~$ curl -XGET http://docker1.domain.local:42
>>>> 43/version
>>>>
>>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64
>>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd
>>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime"
>>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker-
>>>> common-1.10.3-46.el7.centos.10.x86_64"}
>>>>
>>>> [email protected] ~$
>>>>
>>>> It work from the docker host and the foreman host, so far so good.
>>>> Checking if additional operations work looks also good:
>>>>
>>>> [email protected] ~$ curl -XPOST http://docker1.domain.local:42
>>>> 43/images/create?fromImage=centos:7
>>>>
>>>> {"status":"Trying to pull repository docker.io/library/centos ... "}
>>>>
>>>> {"status":"Pulling from docker.io/library/centos","id":"7"}
>>>>
>>>> {"status":"Pulling fs layer","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Downloading","progressDetail":{"current":526329,"
>>>> total":70591526},"progress":"[\u003e
>>>>                 ] 526.3 kB/70.59 MB","id":"8d30e94188e7"}
>>>>
>>>> [...]
>>>>
>>>> {"status":"Extracting","progressDetail":{"current":70591526,
>>>> "total":70591526},"progress":"[==================================================\u003e]
>>>> 70.59 MB/70.59 MB","id":"8d30e94188e7"}
>>>>
>>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"}
>>>>
>>>> {"status":"Digest: sha256:2ae0d2c881c7123870114fb
>>>> 9cc7afabd1e31f9888dac8286884f6cf59373ed9b"}
>>>>
>>>> {"status":"Status: Downloaded newer image for docker.io/centos:7"}
>>>>
>>>> [email protected] ~$
>>>>
>>>> But when I create the compute resource in foreman (without
>>>> user/password/email), I get:
>>>>
>>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>>
>>>> ​If I use my Docker Hub credentials for user/password/email, I got the
>>>> same error:
>>>>
>>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES)
>>>>
>>>> Anyone any idea how can fix this?​
>>>>
>>>> ​Regards Thomas​
>>>> --
>>>> Linux ... enjoy the ride!
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Foreman users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>> Visit this group at https://groups.google.com/group/foreman-users.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Foreman users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> Visit this group at https://groups.google.com/group/foreman-users.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>>
>> --
>> Linux ... enjoy the ride!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Foreman users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/foreman-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to