<div dir="ltr">Thank you Michael for taking care of this restart and fixing up the new problems that came up :)<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Feb 25, 2017 at 8:54 PM, Michael Scherer <span dir="ltr"><<a href="mailto:mscherer@redhat.com" target="_blank">mscherer@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">Le samedi 25 février 2017 à 16:21 +0100, Michael Scherer a écrit :<br>
> Le samedi 25 février 2017 à 15:45 +0100, Michael Scherer a écrit :<br>
> > Le samedi 25 février 2017 à 14:38 +0100, Michael Scherer a écrit :<br>
> > > Le samedi 25 février 2017 à 14:21 +0100, Michael Scherer a écrit :<br>
> > > > Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit :<br>
> > > ><br>
> > > > so the great upgrade has started, and while almost everything went well,<br>
> > > > the host running gerrit/jenkins/etc (<a href="http://myrmicinae.rht.gluster.org" rel="noreferrer" target="_blank">myrmicinae.rht.gluster.org</a>) is<br>
> > > > again taking ages, because "firmware is loading" .<br>
> > > ><br>
> > > > So just to let you know that situation is under control, we just have to<br>
> > > > wait.<br>
> > ><br>
> > > It turn out that I was slightly too optimist, as the server where<br>
> > > builders and fstat are running (haplometrosis.rht) have been<br>
> > > misconfigured since it was starting a interface both as part of a bridge<br>
> > > and outside of a bridge. Of course, this did create a race condition and<br>
> > > sometme it work, sometime it don't.<br>
> > ><br>
> > > And this time, it didn't. So this is now fixed (as I tested to reboot)<br>
> > ><br>
> > > Of course, things wouldn't be fun if something didn't broke, and fstat<br>
> > > is not coming back on the new kernel. As the old kernel is fine, I<br>
> > > suspect something broke during the upgrade of the kernel and it did<br>
> > > create a invalid initrd. I will investigate and report.<br>
> > ><br>
> > ><br>
> > > And if you wonder, yes we are still waiting on myrmicinae to boot.<br>
> ><br>
> > So myrmicinae finally came back.<br>
> ><br>
> > And unsurprisingly, it didn't work as planned.<br>
> ><br>
> > First, it suffered from the same problem with network than haplometrosis<br>
> > (cause I configured the same, using nmcli, who created the same wrong<br>
> > file). The trick was how to restart network for VM without a full<br>
> > restart of the server.<br>
> ><br>
> > Then, gerrit didn't start automatically. This is gonna be fixed once we<br>
> > move it to ansible.<br>
> ><br>
> > Third, after I started manually gerrit, it took a long time to log me<br>
> > (which mean I started to freak out and plan how to debug it), but now, I<br>
> > can connect to the web interface, etc.<br>
> ><br>
> > If anything is broken, please sent emails and/or ping me on internal irc<br>
> > and/or ping nigel<br>
><br>
> So since I had free time and since we still have 890 coverity defects, I<br>
> decided to continue the cleaning I started, and ... found out that<br>
> selinux is in the way and it broke unauthenticated git clone.<br>
><br>
> I am fixing it.<br>
<br>
</div></div># grep 1488035935.129:282 /var/log/audit/audit.log |audit2why<br>
type=AVC msg=audit(1488035935.129:282): avc: denied { getattr } for<br>
pid=3662 comm="git-daemon" path="/review/<a href="http://review.gluster.org/git" rel="noreferrer" target="_blank">review.gluster.<wbr>org/git</a>"<br>
dev="vdb1" ino=8388690<br>
scontext=system_u:system_r:<wbr>git_system_t:s0-s0:c0.c1023<br>
tcontext=unconfined_u:object_<wbr>r:git_user_content_t:s0 tclass=dir<br>
<br>
Was caused by:<br>
The boolean git_system_enable_homedirs was set incorrectly.<br>
Description:<br>
Allow git to system enable homedirs<br>
<br>
Allow access by executing:<br>
# setsebool -P git_system_enable_homedirs 1<br>
<br>
So I just enabled the right boolean, I will defer the proper fix for<br>
later (ie, use a different label for the git repository)<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Michael Scherer<br>
Sysadmin, Community Infrastructure and Platform, OSAS<br>
<br>
<br>
</div></div><br>______________________________<wbr>_________________<br>
Gluster-devel mailing list<br>
<a href="mailto:Gluster-devel@gluster.org">Gluster-devel@gluster.org</a><br>
<a href="http://lists.gluster.org/mailman/listinfo/gluster-devel" rel="noreferrer" target="_blank">http://lists.gluster.org/<wbr>mailman/listinfo/gluster-devel</a><br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">nigelb<br></div></div>
</div>