Hi Adam, thanks for the hint, I'll try this as well.
Regards Thomas 2016-09-12 9:12 GMT+02:00 Adam Ruzicka <[email protected]>: > Hi, > > Set selinux to permissive solved the problem. > > > Disabling SELinux solves the issue, however there are more sophisticated > ways of dealing with this. The root cause is SELinux not allowing the web > server process to open outgoing connections to ports not marked as > http_port_t. If you don't care about SELinux at all and you're ok with > having it set to permissive, feel free to stop reading here. > > You could either allow it to open outgoing connections anywhere by setting > a SELinux bool > setsebool -P httpd_can_network_connect 1 > > Or by marking the docker port as http_port_t > semanage port -a -t http_port_t -p tcp $DOCKER_PORT > > Adam > > On Thu, Sep 8, 2016 at 5:54 PM, Thomas Bendler <[email protected]> > wrote: > >> Hi Adam, >> >> thanks a lot, this was indeed the problem. Set selinux to permissive >> solved the problem. >> >> Regards Thomas >> >> 2016-09-08 11:07 GMT+02:00 Adam Ruzicka <[email protected]>: >> >>> Hello, >>> it might be a SELinux issue. Could you check /var/log/audit/audit.log >>> for lines containing the port number? If it is a SELinux issue you should >>> see something like this there >>> >>> type=AVC msg=audit(1473324981.209:1007): avc: denied { name_connect } >>> for pid=4380 comm="diagnostic_con*" dest=4243 >>> scontext=system_u:system_r:passenger_t:s0 >>> tcontext=system_u:object_r:unreserved_port_t:s0 >>> tclass=tcp_socket >>> >>> >>> Adam >>> >>> On Thu, Sep 8, 2016 at 10:43 AM, Thomas Bendler < >>> [email protected]> wrote: >>> >>>> Hi @all, >>>> >>>> I try to setup the docker plugin on foreman but didn't get it up and >>>> running so far. I have two CentOS 7 boxes, one running foreman and one >>>> running docker. I've modified the docker sysconfig file to start docker >>>> with the remote API: >>>> >>>> [email protected] ~$ curl -XGET http://localhost:4243/version >>>> >>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64 >>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd >>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime" >>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker- >>>> common-1.10.3-46.el7.centos.10.x86_64"} >>>> >>>> [email protected] ~$ >>>> >>>> [...] >>>> >>>> [email protected] ~$ curl -XGET http://docker1.domain.local:42 >>>> 43/version >>>> >>>> {"Version":"1.10.3","ApiVersion":"1.22","GitCommit":"d381c64 >>>> -unsupported","GoVersion":"go1.6.3","Os":"linux","Arch":"amd >>>> 64","KernelVersion":"3.10.0-327.28.2.el7.x86_64","BuildTime" >>>> :"2016-08-04T13:21:17.566257784+00:00","PkgVersion":"docker- >>>> common-1.10.3-46.el7.centos.10.x86_64"} >>>> >>>> [email protected] ~$ >>>> >>>> It work from the docker host and the foreman host, so far so good. >>>> Checking if additional operations work looks also good: >>>> >>>> [email protected] ~$ curl -XPOST http://docker1.domain.local:42 >>>> 43/images/create?fromImage=centos:7 >>>> >>>> {"status":"Trying to pull repository docker.io/library/centos ... "} >>>> >>>> {"status":"Pulling from docker.io/library/centos","id":"7"} >>>> >>>> {"status":"Pulling fs layer","progressDetail":{},"id":"8d30e94188e7"} >>>> >>>> {"status":"Downloading","progressDetail":{"current":526329," >>>> total":70591526},"progress":"[\u003e >>>> ] 526.3 kB/70.59 MB","id":"8d30e94188e7"} >>>> >>>> [...] >>>> >>>> {"status":"Extracting","progressDetail":{"current":70591526, >>>> "total":70591526},"progress":"[==================================================\u003e] >>>> 70.59 MB/70.59 MB","id":"8d30e94188e7"} >>>> >>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"} >>>> >>>> {"status":"Pull complete","progressDetail":{},"id":"8d30e94188e7"} >>>> >>>> {"status":"Digest: sha256:2ae0d2c881c7123870114fb >>>> 9cc7afabd1e31f9888dac8286884f6cf59373ed9b"} >>>> >>>> {"status":"Status: Downloaded newer image for docker.io/centos:7"} >>>> >>>> [email protected] ~$ >>>> >>>> But when I create the compute resource in foreman (without >>>> user/password/email), I get: >>>> >>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES) >>>> >>>> If I use my Docker Hub credentials for user/password/email, I got the >>>> same error: >>>> >>>> Permission denied - connect(2) for 192.168.XXX.XXX:4243 (Errno::EACCES) >>>> >>>> Anyone any idea how can fix this? >>>> >>>> Regards Thomas >>>> -- >>>> Linux ... enjoy the ride! >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Foreman users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> Visit this group at https://groups.google.com/group/foreman-users. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Foreman users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/foreman-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Linux ... enjoy the ride! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- Linux ... enjoy the ride! -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
