testing/os-autoinst-distri-rocky-migrated
10
0
Fork 0
Code Issues 12 Pull Requests 1 Packages Projects Releases Wiki Activity

FIX: add selinux config for /var/tmp/rocky in _pxe_setup for support_server #149

Merged
tcooper merged 2 commits from support_server_selinux into develop 2023-02-24 17:13:06 +00:00
Conversation 0 Commits 2 Files Changed 1 +4
tcooper commented 2023-02-10 22:03:58 +00:00 (Migrated from github.com)
Copy Link

Description

Current support_server test fails with...

# Test died: command 'rpm --root=/var/tmp/rocky --rebuilddb' failed at rocky/tests/_support_server.pm line 37.

support_server_fail (openQA test)

This pull request will allow _pxe_setup of support_server test to complete successfully.

openQA.rockylinux.org:

  • os-autoinst-distri-rocky: commit: b0a55de

How Has This Been Tested?

In a generic Rocky 9 Vagrant VM...

# replicate issue
[root@rocky9 ~]# cat /etc/rocky-release
Rocky Linux release 9.1 (Blue Onyx)

[root@rocky9 ~]# mkdir -p /var/tmp/rocky

[root@rocky9 ~]# rpm --root=/var/tmp/rocky --rebuilddb
error: cant create transaction lock on /var/tmp/rocky/var/lib/rpm/.rpm.lock (Permission denied)

# resolve issue with selinux content
[root@rocky9 ~]# dnf -y install policycoreutils-python-utils
...<snip>...

[root@rocky9 ~]# ls -ldZ /var/tmp/rocky
drwxr-xr-x. 2 root root unconfined_u:object_r:user_tmp_t:s0 6 Feb 10 21:38 /var/tmp/rocky

[root@rocky9 ~]# semanage fcontext -a -e /var/lib/rpm /var/tmp/rocky

[root@rocky9 ~]# restorecon -vvRF /var/tmp/rocky
Relabeled /var/tmp/rocky from unconfined_u:object_r:user_tmp_t:s0 to system_u:object_r:rpm_var_lib_t:s0

[root@rocky9 ~]# ls -ldZ /var/tmp/rocky
drwxr-xr-x. 5 root root system_u:object_r:rpm_var_lib_t:s0 39 Feb 10 21:42 /var/tmp/rocky

[root@rocky9 ~]# rpm --root=/var/tmp/rocky --rebuilddb

# continued support_server sequence
[root@rocky9 ~]# cd /var/tmp; dnf download rocky-release rocky-repos rocky-gpg-keys
Extra Packages for Enterprise Linux 9 - x86_64                                                     19 kB/s |  21 kB     00:01
(1/3): rocky-gpg-keys-9.1-1.11.el9.noarch.rpm                                                      23 kB/s |  12 kB     00:00
(2/3): rocky-repos-9.1-1.11.el9.noarch.rpm                                                         23 kB/s |  12 kB     00:00
(3/3): rocky-release-9.1-1.11.el9.noarch.rpm                                                       37 kB/s |  22 kB     00:00

[root@rocky9 tmp]# rpm --root=/var/tmp/rocky --nodeps -i /var/tmp/*.rpm
warning: /var/tmp/rocky-gpg-keys-9.1-1.11.el9.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 350d275d: NOKEY

[root@rocky9 tmp]# rpm --root=/var/tmp/rocky -qa
rocky-gpg-keys-9.1-1.11.el9.noarch
rocky-release-9.1-1.11.el9.noarch
rocky-repos-9.1-1.11.el9.noarch

...<cont>...

How Should This Be Tested?

openqa-cli api -X POST isos ISO=Rocky-9.1-20221214.1-x86_64-dvd.iso ISO_URL=https://dl.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.1-20221214.1-x86_64-dvd.iso ARCH=x86_64 DISTRI=rocky FLAVOR=dvd-iso VERSION=9.1 CURRREL=9 BUILD=20230210-Rocky-9.1-x86_64.0 TEST=support_server

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published in downstream modules
# Description Current `support_server` test fails with... ``` # Test died: command 'rpm --root=/var/tmp/rocky --rebuilddb' failed at rocky/tests/_support_server.pm line 37. ``` ![support_server_fail](https://user-images.githubusercontent.com/542846/218205776-388668d8-a508-4d47-8bf0-26d5af7bc24e.png) ([openQA test](https://openqa.rockylinux.org/tests/4195#step/_support_server/23)) This pull request will allow `_pxe_setup` of `support_server` test to complete successfully. ## openQA.rockylinux.org: - os-autoinst-distri-rocky: commit: [b0a55de](https://github.com/rocky-linux/os-autoinst-distri-rocky/commit/b0a55dee102594380b07052c759cc6d635942a74) # How Has This Been Tested? In a generic Rocky 9 Vagrant VM... ```bash # replicate issue [root@rocky9 ~]# cat /etc/rocky-release Rocky Linux release 9.1 (Blue Onyx) [root@rocky9 ~]# mkdir -p /var/tmp/rocky [root@rocky9 ~]# rpm --root=/var/tmp/rocky --rebuilddb error: cant create transaction lock on /var/tmp/rocky/var/lib/rpm/.rpm.lock (Permission denied) # resolve issue with selinux content [root@rocky9 ~]# dnf -y install policycoreutils-python-utils ...<snip>... [root@rocky9 ~]# ls -ldZ /var/tmp/rocky drwxr-xr-x. 2 root root unconfined_u:object_r:user_tmp_t:s0 6 Feb 10 21:38 /var/tmp/rocky [root@rocky9 ~]# semanage fcontext -a -e /var/lib/rpm /var/tmp/rocky [root@rocky9 ~]# restorecon -vvRF /var/tmp/rocky Relabeled /var/tmp/rocky from unconfined_u:object_r:user_tmp_t:s0 to system_u:object_r:rpm_var_lib_t:s0 [root@rocky9 ~]# ls -ldZ /var/tmp/rocky drwxr-xr-x. 5 root root system_u:object_r:rpm_var_lib_t:s0 39 Feb 10 21:42 /var/tmp/rocky [root@rocky9 ~]# rpm --root=/var/tmp/rocky --rebuilddb # continued support_server sequence [root@rocky9 ~]# cd /var/tmp; dnf download rocky-release rocky-repos rocky-gpg-keys Extra Packages for Enterprise Linux 9 - x86_64 19 kB/s | 21 kB 00:01 (1/3): rocky-gpg-keys-9.1-1.11.el9.noarch.rpm 23 kB/s | 12 kB 00:00 (2/3): rocky-repos-9.1-1.11.el9.noarch.rpm 23 kB/s | 12 kB 00:00 (3/3): rocky-release-9.1-1.11.el9.noarch.rpm 37 kB/s | 22 kB 00:00 [root@rocky9 tmp]# rpm --root=/var/tmp/rocky --nodeps -i /var/tmp/*.rpm warning: /var/tmp/rocky-gpg-keys-9.1-1.11.el9.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 350d275d: NOKEY [root@rocky9 tmp]# rpm --root=/var/tmp/rocky -qa rocky-gpg-keys-9.1-1.11.el9.noarch rocky-release-9.1-1.11.el9.noarch rocky-repos-9.1-1.11.el9.noarch ...<cont>... ``` # How Should This Be Tested? ```bash openqa-cli api -X POST isos ISO=Rocky-9.1-20221214.1-x86_64-dvd.iso ISO_URL=https://dl.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.1-20221214.1-x86_64-dvd.iso ARCH=x86_64 DISTRI=rocky FLAVOR=dvd-iso VERSION=9.1 CURRREL=9 BUILD=20230210-Rocky-9.1-x86_64.0 TEST=support_server ``` # Checklist: - [x] My code follows the style guidelines of this project - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation - [x] My changes generate no new warnings - [x] Any dependent changes have been merged and published in downstream modules
akatch (Migrated from github.com) reviewed 2023-02-10 22:03:58 +00:00
lumarel (Migrated from github.com) approved these changes 2023-02-23 15:41:21 +00:00
lumarel (Migrated from github.com) left a comment
Copy Link

LGTM from the logical side, I know the process quite well up to now, so I think this should be fine.

LGTM from the logical side, I know the process quite well up to now, so I think this should be fine.
AlanMarshall (Migrated from github.com) approved these changes 2023-02-24 14:59:57 +00:00
AlanMarshall (Migrated from github.com) left a comment
Copy Link

Due to present limitations in my setup, I am unable to test this PR. However, on examining the numerous intricate changes and the test output above, I conclude that if this isn't actually a fix, it will definitely go a long way towards being a fix.
On that basis it should be merged.

Due to present limitations in my setup, I am unable to test this PR. However, on examining the numerous intricate changes and the test output above, I conclude that if this isn't actually a fix, it will definitely go a long way towards being a fix. On that basis it should be merged.
Sign in to join this conversation.
Reviewers
No reviewers
akatch
lumarel
AlanMarshall
Labels
Clear labels   
priority: critical

This issue or pull request is of utmost priority

  
priority: high

This issue or pull request is of high priority

  
priority: low

This issue or pull request is of low priority

  
priority: medium

This issue or pull request is of medium priority

  
status: abandoned

This issue or pull request has been abandoned or is stale

  
status: duplicate

This issue or pull request already exists

  
status: invalid

This doesn't seem right

  
status: peer review needed

Requires at least one review in order to be merged

  
status: wontfix

This will not be worked on

  
tag: content

Additions to (or modifications of) content in the repository

  
tag: good first issue

Good for newcomers

  
tag: help wanted

Extra attention is needed

  
test suite

This issue or pull request is for test suite changes

  
type: bug

Something isn't working

  
type: documentation

Improvements or additions to documentation

  
type: enhancement

New feature or request

  
type: maintenance

To improve or continue maintenance for something

  
type: question

Further information is requested

No Label
priority: critical
priority: high
priority: low
priority: medium
status: abandoned
status: duplicate
status: invalid
status: peer review needed
status: wontfix
tag: content
tag: good first issue
tag: help wanted
test suite
type: bug
type: documentation
type: enhancement
type: maintenance
type: question
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: testing/os-autoinst-distri-rocky-migrated#149
No description provided.
Delete Branch "support_server_selinux"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?