Re: iscsi.service: Unit cannot be reloaded because it is inactive.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks.
The problem was that I forgot to open port 3260/tcp on my node1 and node2. I opened that port on my nodes and result is:

Full List of Resources:
    * Resource Group: apache:
    * httpd_fs    (ocf::heartbeat:Filesystem):     Started
    * httpd_vip    (ocf::heartbeat:IPaddr2):        Started
    * httpd_ser    (ocf::heartbeat:apache):        Started






On Wednesday, April 7, 2021, 08:50:33 PM GMT+4:30, Zdenek Pytela <zpytela@xxxxxxxxxx> wrote: 







On Wed, Apr 7, 2021 at 5:39 PM Jason Long <hack3rcon@xxxxxxxxx> wrote:
> Thank you.
> I'm using Fedora Server 33 and the output of your command is:
> 
> # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
> ----
> type=AVC msg=audit(04/07/2021 20:00:30.231:144) : avc:  denied  { name_bind } for  pid=693 comm=unbound-anchor src=61000 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket permissive=0 
This should be fixed soon:
https://bugzilla.redhat.com/show_bug.cgi?id=1935101

>  
> 
> 
> 
> 
> 
> 
> 
> On Tuesday, April 6, 2021, 02:37:59 PM GMT+4:30, Zdenek Pytela <zpytela@xxxxxxxxxx> wrote: 
> 
> 
> 
> 
> 
> 
> 
> On Sun, Apr 4, 2021 at 12:56 PM Jason Long <hack3rcon@xxxxxxxxx> wrote:
>> Hello,
>> I'm using Fedora Server as an iSCSI Shared Storage. When I rebooted my server then the "iscsi.service" couldn't load:
>> 
>> [root@node3 ~]# systemctl status iscsi.service 
>> ● iscsi.service - Login and scanning of iSCSI devices
>>      Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; vendor preset: enabled)
>>      Active: inactive (dead)
>>   Condition: start condition failed at Sat 2021-04-03 18:49:08 +0430; 2s ago
>>              └─ ConditionDirectoryNotEmpty=/var/lib/iscsi/nodes was not met
>>        Docs: man:iscsiadm(8)
>>              man:iscsid(8)
>> 
>> 
>> 
>> 
>> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
>> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
>> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
>> Apr 03 18:49:08 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
>> 
>> 
>> SELinux is enabled on my Fedora Server:
>> 
>> # sestatus 
>> SELinux status:                 enabled
>> SELinuxfs mount:                /sys/fs/selinux
>> SELinux root directory:         /etc/selinux
>> Loaded policy name:             targeted
>> Current mode:                   enforcing
>> Mode from config file:          enforcing
>> Policy MLS status:              enabled
>> Policy deny_unknown status:     allowed
>> Memory protection checking:     actual (secure)
>> Max kernel policy version:      33
>> 
>> [root@node3 ~]# ps -eZ | grep iscsid_t
>> [root@node3 ~]# 
>> 
>> And when I looked at the log, then I saw below errors:
>> 
>> # dmesg -H -l err
>> [Apr 4 15:05] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
>> [  +0.000009] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
>> [  +9.037994] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
>> [  +0.000014] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
>> [  +0.000798] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
>> [  +0.000004] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
>> 
>> How can I configure SELinux for an iSCSI Shared Storage?
> Hi,
> 
> Do you have any indication it was SELinux blocking some access? Can you look for AVCs in the audit log? Which Fedora version it is?
> 
>   # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
> 
> 
>>  
>> Thank you.
>> 
>> _______________________________________________
>> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>> 
> 
> 
> -- 
> 
> Zdenek Pytela
> Security SELinux team
> 
> 
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
> 
> 


-- 

Zdenek Pytela
Security SELinux team

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux