FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Build System

 
 
LinkBack Thread Tools
 
Old 04-12-2012, 03:40 PM
Moray Henderson
 
Default newRepo Permission denied: '/mnt/koji/repos'

Is this the right place for questions on local koji installations?

Fresh setup of koji on CentOS 6.2. I've got hub, web and builder all
talking to each other, external repositories defined for the build tag and
build groups set up.

/mnt/koji is an nfs mount with root squashed to uid 48 (apache). I've
tested that I can write to the subdirectories as root and the owner comes
out as apache. The directory looks like

# ll -R koji
koji:
total 16
drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 packages
drwxr-xr-x 3 apache apache 4096 Apr 12 15:20 repos
drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 scratch
drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 work

koji/packages:
total 0

koji/repos:
total 0

koji/scratch:
total 0

koji/work:
total 0

The Koji/ExternalRepoServerBootstrap document says "Wait for the repo to
regenerate, and you should now be able to run a build successfully."
However, Koji-web lists the newRepo task as failed with result "<type
'exceptions.OSError'>: [Errno 13] Permission denied: '/mnt/koji/repos'". On
the builder, kojid.log reports:

2012-04-12 14:20:31,067 [INFO] koji.build: Starting up
2012-04-12 14:20:34,363 [INFO] koji.TaskManager: Attempting to take task
176
2012-04-12 14:20:36,275 [INFO] koji.TaskManager: pids: {176: 17925}
2012-04-12 14:20:36,855 [WARNING] koji.TaskManager: FAULT:
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/koji/daemon.py", line 1114, in
runTask
response = (handler.run(),)
File "/usr/lib/python2.6/site-packages/koji/tasks.py", line 146, in run
return self.handler(*self.params,**self.opts)
File "/usr/sbin/kojid", line 2491, in handler
repo_id, event_id = self.session.host.repoInit(tinfo['id'], **kwargs)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1510, in
__call__
return self.__func(self.__name,args,opts)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1760, in
_callMethod
raise err
Fault: <Fault 1: "<type 'exceptions.OSError'>: [Errno 13] Permission
denied: '/mnt/koji/repos'">

2012-04-12 14:20:37,110 [INFO] koji.TaskManager: open task: {'waiting':
None, 'id': 176, 'weight': 0.10000000000000001}


I've looked into the code, but my python is not up to debugging that. It's
not an SELinux problem (I tried permissive mode) and /mnt/koji is mounted
read-write on the builder even though the documentation says that's not
necessary. Can someone point me in the right direction?


Moray.
"To err is human; to purr, feline."


--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
 
Old 04-13-2012, 11:19 AM
Andreas Mack
 
Default newRepo Permission denied: '/mnt/koji/repos'

Hey,
just my two cents: It's possible to run the builders completely without NFS. I use "topurl=" instead of "topdir=" in kojid.conf. The URL is *http://kojihub.domain.tld/kojimnt where kojimnt is apache aliased to the /mnt/koji on kojihub. Regen repos has to be run on kojihub in thatcase. It's the only one in the createrepo channel.


As for the NFS problem: Smells so much like Selinux. Maybe on the server-side? Do you use NFS4 ?
HTHAndreas

On Thu, Apr 12, 2012 at 17:40, Moray Henderson <Moray.Henderson@ict-software.org> wrote:


Is this the right place for questions on local koji installations?



Fresh setup of koji on CentOS 6.2. *I've got hub, web and builder all

talking to each other, external repositories defined for the build tag and

build groups set up.



/mnt/koji is an nfs mount with root squashed to uid 48 (apache). *I've

tested that I can write to the subdirectories as root and the owner comes

out as apache. *The directory looks like



*# ll -R koji

*koji:

*total 16

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 packages

*drwxr-xr-x 3 apache apache 4096 Apr 12 15:20 repos

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 scratch

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 work



*koji/packages:

*total 0



*koji/repos:

*total 0



*koji/scratch:

*total 0



*koji/work:

*total 0



The Koji/ExternalRepoServerBootstrap document says "Wait for the repo to

regenerate, and you should now be able to run a build successfully."

However, Koji-web lists the newRepo task as failed with result "<type

'exceptions.OSError'>: [Errno 13] Permission denied: '/mnt/koji/repos'". *On

the builder, kojid.log reports:



*2012-04-12 14:20:31,067 [INFO] koji.build: Starting up

*2012-04-12 14:20:34,363 [INFO] koji.TaskManager: Attempting to take task

176

*2012-04-12 14:20:36,275 [INFO] koji.TaskManager: pids: {176: 17925}

*2012-04-12 14:20:36,855 [WARNING] koji.TaskManager: FAULT:

*Traceback (most recent call last):

* *File "/usr/lib/python2.6/site-packages/koji/daemon.py", line 1114, in

runTask

* * *response = (handler.run(),)

* *File "/usr/lib/python2.6/site-packages/koji/tasks.py", line 146, in run

* * *return self.handler(*self.params,**self.opts)

* *File "/usr/sbin/kojid", line 2491, in handler

* * *repo_id, event_id = self.session.host.repoInit(tinfo['id'], **kwargs)

* *File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1510, in

__call__

* * *return self.__func(self.__name,args,opts)

* *File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1760, in

_callMethod

* * *raise err

*Fault: <Fault 1: "<type 'exceptions.OSError'>: [Errno 13] Permission

denied: '/mnt/koji/repos'">



*2012-04-12 14:20:37,110 [INFO] koji.TaskManager: open task: {'waiting':

None, 'id': 176, 'weight': 0.10000000000000001}





I've looked into the code, but my python is not up to debugging that. *It's

not an SELinux problem (I tried permissive mode) and /mnt/koji is mounted

read-write on the builder even though the documentation says that's not

necessary. *Can someone point me in the right direction?





Moray.

"To err is human; to purr, feline."





--

buildsys mailing list

buildsys@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/buildsys

--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
 
Old 04-13-2012, 04:25 PM
Moray Henderson
 
Default newRepo Permission denied: '/mnt/koji/repos'

Ah.* Silly me - it was an SELinux problem.* I
was fooled by the fact that the traceback and ‘Permission denied’
error occurred in kojid.log into
thinking that the problem was on the kojid side.* After attempting to
trace the code


*


repo_id,
event_id = self.session.host.repoInit(tinfo['id'], **kwargs)


*


and finding that session doesn’t have a host method or
attribute and repoInit doesn’t exist anywhere in kojid, I searched every
file on both systems for repoInit and found it in /usr/share/koji-hub/kojihub.py -
with corresponding error messages in /var/log/httpd/error_log.*
I also discovered the hub option KojiTraceback = extended,
which helped.


*


The problem code was


*


*
File "/usr/share/koji-hub/kojihub.py", line 2060, in repo_init


***
os.makedirs(repodir)* #should not already exist


*


and after a setenforce 0 on the hub it started to work.* I
was sure I had checked the AVC log, but perhaps that was before I had nfs
working.* Now it shows:


*


[root@kojihub
~] # aureport --avc -ts recent


*


AVC
Report


================================================== ======


#
date time comm subj syscall class permission obj event


================================================== ======


1.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir getattr
system_ubject_r:nfs_t:s0 denied 494


2.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir search
system_ubject_r:nfs_t:s0 denied 493


3.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir write
system_ubject_r:nfs_t:s0 denied 495


4.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir add_name
system_ubject_r:nfs_t:s0 denied 495


5.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir create
unconfined_ubject_r:nfs_t:s0 denied 495


6.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file create
unconfined_ubject_r:nfs_t:s0 denied 496


7.
04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file open
system_ubject_r:nfs_t:s0 denied 496


*


Perhaps Koji/ServerHowTo could have a note for beginners that if
the hub’s /mnt/koji is on nfs you need to beat SELinux into submission.*
Unfortunately my current nfs server doesn’t have proper SELinux support.*
I may have to rearrange some disk space.


*


*


Moray.


“To err is human; to purr, feline.”


*








From: Andreas Mack
[mailto:andreas.mack@gmail.com]

Sent: 13 April 2012 12:19

To: Discussion of Fedora build system

Subject: Re: newRepo Permission denied: '/mnt/koji/repos'






*


Hey,




*






just my two cents: It's possible to run the builders
completely without NFS. I use "topurl=" instead of
"topdir=" in kojid.conf. The URL is *http://kojihub.domain.tld/kojimnt
where kojimnt is apache aliased to the /mnt/koji on kojihub. Regen repos has to
be run on kojihub in thatcase. It's the only one in the createrepo channel.






*






As for the NFS problem: Smells so much like Selinux. Maybe
on the server-side? Do you use NFS4 ?






*






HTH






Andreas




On Thu, Apr 12, 2012 at 17:40, Moray Henderson <Moray.Henderson@ict-software.org>
wrote:


Is this the right place for questions on local koji
installations?



Fresh setup of koji on CentOS 6.2. *I've got hub, web and builder all

talking to each other, external repositories defined for the build tag and

build groups set up.



/mnt/koji is an nfs mount with root squashed to uid 48 (apache). *I've

tested that I can write to the subdirectories as root and the owner comes

out as apache. *The directory looks like



*# ll -R koji

*koji:

*total 16

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 packages

*drwxr-xr-x 3 apache apache 4096 Apr 12 15:20 repos

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 scratch

*drwxr-xr-x 2 apache apache 4096 Apr 12 11:13 work



*koji/packages:

*total 0



*koji/repos:

*total 0



*koji/scratch:

*total 0



*koji/work:

*total 0



The Koji/ExternalRepoServerBootstrap document says "Wait for the repo to

regenerate, and you should now be able to run a build successfully."

However, Koji-web lists the newRepo task as failed with result "<type

'exceptions.OSError'>: [Errno 13] Permission denied:
'/mnt/koji/repos'". *On

the builder, kojid.log reports:



*2012-04-12 14:20:31,067 [INFO] koji.build: Starting up

*2012-04-12 14:20:34,363 [INFO] koji.TaskManager: Attempting to take task

176

*2012-04-12 14:20:36,275 [INFO] koji.TaskManager: pids: {176: 17925}

*2012-04-12 14:20:36,855 [WARNING] koji.TaskManager: FAULT:

*Traceback (most recent call last):

* *File "/usr/lib/python2.6/site-packages/koji/daemon.py",
line 1114, in

runTask

* * *response = (handler.run(),)

* *File "/usr/lib/python2.6/site-packages/koji/tasks.py",
line 146, in run

* * *return self.handler(*self.params,**self.opts)

* *File "/usr/sbin/kojid", line 2491, in handler

* * *repo_id, event_id = self.session.host.repoInit(tinfo['id'],
**kwargs)

* *File "/usr/lib/python2.6/site-packages/koji/__init__.py",
line 1510, in

__call__

* * *return self.__func(self.__name,args,opts)

* *File
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1760, in

_callMethod

* * *raise err

*Fault: <Fault 1: "<type 'exceptions.OSError'>: [Errno 13]
Permission

denied: '/mnt/koji/repos'">



*2012-04-12 14:20:37,110 [INFO] koji.TaskManager: open task: {'waiting':

None, 'id': 176, 'weight': 0.10000000000000001}





I've looked into the code, but my python is not up to debugging that.
*It's

not an SELinux problem (I tried permissive mode) and /mnt/koji is mounted

read-write on the builder even though the documentation says that's not

necessary. *Can someone point me in the right direction?





Moray.

"To err is human; to purr, feline."





--

buildsys mailing list

buildsys@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/buildsys




*










--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
 
Old 04-13-2012, 08:37 PM
Mike McLean
 
Default newRepo Permission denied: '/mnt/koji/repos'

On 04/13/2012 07:19 AM, Andreas Mack wrote:

Hey,

just my two cents: It's possible to run the builders completely without
NFS. I use "topurl=" instead of "topdir=" in kojid.conf. The URL is
http://kojihub.domain.tld/kojimnt where kojimnt is apache aliased to the
/mnt/koji on kojihub. Regen repos has to be run on kojihub in thatcase.
It's the only one in the createrepo channel.


Yeah, createrepo is the only part that strictly requires /mnt/koji on
the builders (and only ro access).


Note that running regen repos "on kojihub" means running a kojid
instance on the same host that kojihub is running on. When I do this
(generally only in test setups) I usually set that kojid instance up to
only be in the createrepo channel.

--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
 

Thread Tools




All times are GMT. The time now is 12:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org