Using Deployment over rsync-ssh on
Red Hat Enterprise Linux with SELinux enabled
This addendum complements:
PDF: FirstSpirit Manual for Administrators
Chapters: 10 Secure deployment via rsync and ssh
Problem:
If SELinux (Security Enhanced Linux) is enabled on Red Hat Enterprise Linux (RHEL) or a comparable Linux system, the deployment task over rsync and ssh started within FirstSpirit to an external webserver fails with exitcode 12. The following error message is shown in firstspirit5/log/fs-server.log:
ERROR 30.04.2014 14:48:14.289 {pID=2722,uID=0,seID=2913} (de.espirit.firstspirit.impl.access.ScriptContextImpl): rsync-ssh-Deployment for project "Testproject":
failed with exitcode 12 for WrapperManager.exec(
rsync -vcrt -e ssh -oBatchMode=yes -oStrictHostKeyChecking=no -l webuser /opt/firstspirit5/web/fs5staging/2722/2913/ webhost:/webpath)
Solution:
Verify if SELinux is enabled on both hosts, the FirstSpirit-Server and the deployment target, the webserver host:
$ sestatus
If it is enabled, disable it:
$ vi /etc/selinux/config
replace
SELINUX=enabled
with
SELINUX=disabled
and
reboot
Explanation:
SELinux cannot decide if rsync is used in client oder server mode. Read http://danwalsh.livejournal.com/61646.html for more details.