GIT Update not working?



  • Hi,

    I’m trying to update my fog server to the latest version, using the guide (and video) @ https://wiki.fogproject.org/wiki/index.php?title=Upgrade_to_trunk (kudos for the clear linux noob explanations there!)

    The git pull worked fine the first time, but the install never updated anything.

    Below the output of a second attempt, it seems to end in “Setting up fog password…Failed!

    what could I be doing wrong?

    Currently installed:
    Running Version 1.3.0-RC-22
    SVN Revision: 6016
    
    # ```

  • Moderator

    @Quazz said in GIT Update not working?:

    @Joe-Schmitt It was in permissive for OP and did not work, though :/

    If it was really in permissive mode and still not working, then it’s not an issue with SELinux. That older article on CentOS 7 is incorrect.


  • Senior Developer

    @palloquin alright. I ask because the output of your sestatus command indicates some modifications of other selinux files (e.g. /sys/fs/selinux/deny_unknown and /sys/fs/selinux/mls). In general all that is needed to make SELinux permissive is to run:

    • setenforce 0 to set the runtime selinux enforcement policy
    • Edit /etc/selinux/config to read SELINUX=permissive instead of SELINUX=enforcing

    But since selinux was already disabled, there’s no point in doing this now (your server setup will be fine and everything should work as normal). I do want to point out though to any @Moderators who maintain the wiki that tutorials should not instruct users to disable selinux, but instead set to permissive.



  • @Joe-Schmitt
    Uh, I really don’t know. I suppose I followed some install instruction…

    I suppose I set
    SELINUX=permissive
    and
    setenforce=0

    ?


  • Senior Developer

    @palloquin how did you set SELinux to permissive mode? To repeat, permissive mode will absolutely work if completely set.

    To expand why disabling SELinux is not advised: SELinux works by labeling files on your system. In permissive mode the labeling still takes place, but no policies are actually enforced. But when you disable SELinux that labeling system is shut off. To re-enable SELinux once disabled, it’s going to take some time. You would first have to set SELinux back into permissive mode (NEVER set back into enforced once disabled unless you know SELinux well). Once your kernel boots back into permissive mode, you would need to initiate a full filesystem relabeling which can take some time. Once that finishes you can finally safely enable SELinux.



  • to add to the discussion, it seem to run just fine. just updating failed.


  • Moderator

    @Joe-Schmitt It was in permissive for OP and did not work, though :/


  • Senior Developer

    @Quazz that is incorrect. Permissive mode will absolutely work if configured correctly.


  • Moderator

    @Joe-Schmitt Pretty sure FOG doesn’t work properly in permissive mode on Centos 7 which is why it’s recommended to disabled it as per https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7


  • Senior Developer

    @palloquin selinux should be left permissive. Disabling it is strongly advised against, since it requires a bit of work to properly enable selinux once disabled.



  • Solved it.

    I did:

    SELINUX=disabled
    

    and then rebooted.

    install worked after that, now running:

    Running Version 1.3.4-RC-2
    SVN Revision: 6063
    

    What is the advised way to leave SELinux? disabled? permissive? or enforcing?

    Thanks all!



  • @Wayne-Workman
    Sorry:

    Operating System: CentOS Linux 7 (Core)
    CPE OS Name: cpe:/o:centos:centos:7
    Kernel: Linux 3.10.0-327.36.3.el7.x86_64
    Architecture: x86-64
    

  • Moderator

    @palloquin We still don’t know what distribution of Linux you’re running, we require this information.



  • Hi Quazz, Tom, Wayne,

    I’m just a simple boy from Windows-Country lost in the big Linux-city… all y’all be speaking linux lingo to me hoping I’ll undestand ;)

    @Quazz :

    sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
    sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
    

    doesn’t compute:

    [root@localhost bin]# sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
    sed: warning: failed to get security context of /etc/sysconfig/selinux: No data available[root@localhost bin]#
    
    [root@localhost bin]# sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
    sed: warning: failed to get security context of /etc/selinux/config: No data available[root@localhost bin]#
    

    next:

    [root@localhost bin]# service iptables stop
    Redirecting to /bin/systemctl stop  iptables.service
    Failed to stop iptables.service: Unit iptables.service not loaded.
    [root@localhost bin]# Failed to stop iptables.service: Unit iptables.service not loaded.
    

    makes sense I guess, I tried to kill that one dead a while ago, I run in a network I trust this machine is not connected to the outside world.


  • Moderator

    Having SELinux in permissive mode doesn’t block or prevent anything. The purpose of permissive mode is for SELinux to throw all the messages that it would if it were enforcing and blocking, but not actually block anything - so you can continue to run your application and tune SELinux.


  • Moderator

    @palloquin said in GIT Update not working?:

    kudos for the clear linux noob explanations there!

    Thank you.

    I need to spend a few weeknights remaking some of these videos so they are (more) current.


  • Senior Developer

    Something isn’t matching properly.

    Unless you setup “permissive” SELinux AFTER trying to install the messages make no sense at all.


  • Moderator

    @palloquin So I’m guessing you’re on Centos 7.

    You will have to disable Selinux for now, there is no working policy made available for it yet.

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    service iptables stop
    chkconfig iptables off
    yum -y update && reboot
    

    From https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7

    Although, since it seems you have it set to permissive currently, the following code is probably better

    sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
    sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
    service iptables stop
    chkconfig iptables off
    yum -y update && reboot
    

    But I’m not 100% sure.



  • Hey Quazz!

    Results as shown:

    [root@localhost fogproject]# tail bin/error_logs/fog_error_1.3.4-RC-2.log
    php-mcrypt-5.6.30-1.el7.remi.x86_64
    php-mysqlnd-5.6.30-1.el7.remi.x86_64
    php-process-5.6.30-1.el7.remi.x86_64
    tar-1.26-31.el7.x86_64
    tftp-server-5.2-13.el7.x86_64
    unzip-6.0-16.el7.x86_64
    vsftpd-3.0.2-21.el7.x86_64
    wget-1.14-13.el7.x86_64
    xinetd-2.3.15-13.el7.x86_64
    passwd: SELinux denying access due to security policy.
    

    I knew just enough to check the state of SELinux:

    [root@localhost fogproject]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             disabled
    Current mode:                   permissive
    Mode from config file:          permissive
    Policy MLS status:              disabled
    Policy deny_unknown status:     denied
    Max kernel policy version:      28
    

  • Moderator

    Linux distribution and version?

    Can you run the output of the following command (start in the folder that you would use git pull in) and paste the results here:

    tail bin/error_logs/fog_error_1.3.4(press tab here)
    

Log in to reply
 

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.