I've identified that SELinux was preventing Foreman from starting when
using the passenger upstream repo, and replacing mod_passenger with the
EPEL version fixed that.
I'm currently applying a Puppet manifest using the puppet-foreman module,
that simply says:
class { '::foreman':
admin_<settings> => ...
}
Is there any way in this type of installation to also set the Apache
manage_repo to false so that the passenger repo never gets added?
Thanks,
Iain.
On Tuesday, 14 March 2017 10:36:24 UTC, Dominic Cleal wrote:
>
> On 11/03/17 00:28, James Evans wrote:
> > I'm working on some documentation and demos around bootstrapping a
> > Foreman environment from scratch. If I manually install Foreman,
> > following the directions on the web site everything is fine, with
> > selinux in enforcing mode. However, I want to build a Foreman
> > installation via the puppet agent. I've installed the latest
> > puppetserver and puppet-agent AIO on CentOS 7, and then installed the
> > theforeman/foreman puppet module (and dependencies). The puppet run
> > errors out with a can't find SSL certificate error:
> >
> [..]
> >
> > The cert is there, and is valid. Manually trying to start the apache
> > server gives the same error. Changing selinux to permissive mode allows
> > apache to start, and everything seems to be working in my simple vagrant
> > tests. The selinux labels seem to be the same from the working "hand
> > installed" version and the puppet installed version:
>
> The process labels may be different, but hard to say without the AVC log.
>
> > I've looked through the source of the foreman-installer, and I don't see
> > anything that is obviously making changes to selinux. I'd really like to
> > get this working in enforcing mode, and it seems like it should work.
> > Does anyone have any ideas about what might be causing the puppet module
> > to break when used without the installer?
>
> The installer also sets the parameter:
>
> apache::mod::passenger::manage_repo: false
>
> which on EL7 will install the version of Passenger from EPEL7 rather
> than from Phusion. There isn't support in the OS policy for Phusion
> Passenger, so it may be running in the wrong context (httpd_t, not
> passenger_t), bug #17093.
>
> --
> Dominic Cleal
> [email protected]
>
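
The reply above points at the process context (httpd_t rather than passenger_t) as the likely cause. As an added example, not part of the thread or of the Foreman project, this shell function reads `ps -eZ` output and reports Passenger processes that are not running as passenger_t. The function name, the sample listings and the assumption that Passenger process names begin with "Passenger" are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Passenger processes whose SELinux type is not passenger_t.
# Input: `ps -eZ` output on stdin (columns: LABEL PID TTY TIME CMD).
# Assumption: Passenger processes show a CMD beginning with "Passenger".
# Exit status: 0 = all Passenger processes in passenger_t,
#              1 = at least one in another type, 2 = no Passenger process seen.

check_passenger_context() {
    awk '
        $5 ~ /^Passenger/ {
            seen++
            # LABEL is user:role:type:level, so the type is the third field
            split($1, ctx, ":")
            if (ctx[3] != "passenger_t") {
                printf "MISLABELED pid=%s cmd=%s type=%s\n", $2, $5, ctx[3]
                bad++
            }
        }
        END {
            if (!seen) { print "NO_PASSENGER_PROCESSES"; exit 2 }
            if (bad)   { exit 1 }
            print "OK"
        }
    '
}

# Constructed sample: Passenger labelled as the OS policy expects.
SAMPLE_EXPECTED='LABEL                             PID TTY          TIME CMD
system_u:system_r:httpd_t:s0     1201 ?        00:00:00 httpd
system_u:system_r:passenger_t:s0 1215 ?        00:00:00 PassengerWatchd
system_u:system_r:passenger_t:s0 1218 ?        00:00:01 PassengerHelper'

# Constructed sample: Passenger running in the web server domain instead.
SAMPLE_WRONG='LABEL                             PID TTY          TIME CMD
system_u:system_r:httpd_t:s0     1301 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     1315 ?        00:00:00 PassengerAgent'

printf '%s\n' "$SAMPLE_EXPECTED" | check_passenger_context || true
printf '%s\n' "$SAMPLE_WRONG"    | check_passenger_context || true

# On a live host: ps -eZ | check_passenger_context
```
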