www.cendio.com
Bug 4939 - Support/recommend RHEL7
: Support/recommend RHEL7
Status: CLOSED FIXED
: ThinLinc
Server OS
: 4.1.0
: PC Unknown
: P2 Normal
: 4.3.0
Assigned To:
:
:
: 4313 5239 5243 5249 5283
:
  Show dependency treegraph
 
Reported: 2013-12-12 12:32 by
Modified: 2014-10-29 15:00 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2013-12-12 12:32:05
Eventually, we should probably start recommending Red Hat Enterprise Linux 7.
Before that, we need to make sure it works ok. The release date is unknown, but
a public beta has just arrived.
------- Comment #1 From cendio 2013-12-12 13:19:30 -------
Some personal notes from a first installation:

* The installer is confusing, worse than before I think. 

* The default installation gives you a system without any GUI at all. 

* The network does not work by default in VMware. "ifconfig" command is gone.
system-config-network is gone. After fiddling around for a while, I managed to
get the network up with "ifup ens33". 

* rhn_register et al are gone. They were quie user friendly. Now they are
referring to the command line tool "subscription-manager", which is not very
obvious. "subscription-manager register" worked but was not enough. You cannot
install subscription-manager-gui, because you are not registered. Doing
"subscription-manager attach --auto" worked though. 

* SSH is installed and active by default, which is nice. 

* TL package installation works. 

* Automatic installation of LSB packages via tl-setup did not work:

2013-12-12 12:54:04,351: Downloading Packages
2013-12-12 12:54:05,338: Public key for at-3.1.13-12.el7.x86_64.rpm is not
installed
2013-12-12 12:54:36,310: Check Package Signatures
2013-12-12 12:54:36,311: Retrieving key from
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
2013-12-12 12:54:36,330: Importing GPG key 0xF21541EB:
 Userid     : "Red Hat, Inc. (beta key 2) <security@redhat.com>"
 Fingerprint: b08b 659e e86a f623 bc90 e8db 938a 80ca f215 41eb
 Package    : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
2013-12-12 12:54:36,330: Importing GPG key 0x897DA07A:
 Userid     : "Red Hat, Inc. (Beta Test Software) <rawhide@redhat.com>"
 Fingerprint: 17e8 543d 1d4a a5fa a96a 7e9f fd37 2689 897d a07a
 Package    : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
2013-12-12 12:54:36,330: Retrieving key from
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
2013-12-12 12:54:36,336: Importing GPG key 0xFD431D51:
 Userid     : "Red Hat, Inc. (release key 2) <security@redhat.com>"
 Fingerprint: 567e 347a d004 4ade 55ba 8a5f 199e 2f91 fd43 1d51
 Package    : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
2013-12-12 12:54:36,336: Importing GPG key 0x2FA658E0:
 Userid     : "Red Hat, Inc. (auxiliary key) <security@redhat.com>"
 Fingerprint: 43a6 e49c 4a38 f4be 9abf 2a53 4568 9c88 2fa6 58e0
 Package    : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
2013-12-12 12:54:36,336:   failed to install packages with reason: Didn't
install any keys

I guess this is because tl-setup cannot confirm the GPG keys. Installing with:

yum install redhat-lsb-core redhat-lsb-desktop

...works, but you have to confirm a lot of keys:


Downloading packages:
varning:
/var/cache/yum/x86_64/7Everything/rhel-7-public-beta-rpms/packages/libX11-common-1.6.0-1.el7.noarch.rpm:
Huvud V3 RSA/SHA256 Signature, nyckel-ID f21541eb: NOKEY
Hämtar nyckel från file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Importerar GPG-nyckel 0xF21541EB:
 Användarid   : ”Red Hat, Inc. (beta key 2) <security@redhat.com>”
 Fingeravtryck: b08b 659e e86a f623 bc90 e8db 938a 80ca f215 41eb
 Paket        : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 Från         : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Är detta ok [j/N]: j
Importerar GPG-nyckel 0x897DA07A:
 Användarid   : ”Red Hat, Inc. (Beta Test Software) <rawhide@redhat.com>”
 Fingeravtryck: 17e8 543d 1d4a a5fa a96a 7e9f fd37 2689 897d a07a
 Paket        : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 Från         : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
Är detta ok [j/N]: j
Hämtar nyckel från file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Importerar GPG-nyckel 0xFD431D51:
 Användarid   : ”Red Hat, Inc. (release key 2) <security@redhat.com>”
 Fingeravtryck: 567e 347a d004 4ade 55ba 8a5f 199e 2f91 fd43 1d51
 Paket        : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 Från         : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Är detta ok [j/N]: j
Importerar GPG-nyckel 0x2FA658E0:
 Användarid   : ”Red Hat, Inc. (auxiliary key) <security@redhat.com>”
 Fingeravtryck: 43a6 e49c 4a38 f4be 9abf 2a53 4568 9c88 2fa6 58e0
 Paket        : redhat-release-everything-7.0-0.6.el7.x86_64 (@anaconda/7.0)
 Från         : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Är detta ok [j/N]: j


* Installation of the rest of packages worked fine. 

* SELinux installation failed:
2013-12-12 13:17:09,529: Configuring SELinux...
2013-12-12 13:17:09,560: Output (stderr):
2013-12-12 13:17:09,560:     Could not find the development files for your
SELinux policy.
2013-12-12 13:17:09,560: SELinux configuration failed with error code 1

* The rest of tl-setup was ok.
------- Comment #2 From cendio 2013-12-12 13:54:02 -------
Running TL:

* After a standard installation, vsmagent cannot create any sessions:

2013-12-12 13:18:53 WARNING tl-session: pam_open_session failed: 14 (Cannot
make/remove an entry for the specified session)

Apparently, the solution on bug 4634 did not work. Commenting out pam_loginuid
fixes this problem. 


* By default, no executable profiles cannot be found. 929 packages with X11
stuff can be installed with: yum groupinstall "Server with GUI". After doing
this, the profile "gnome-3" is activated. However, it doesn't work. First, the
screen is blank for several minutes, Then a gray/disabled dialog about
languages is presented. After about 10 minutes, another screen is presented
with "Oh no! Something has gone wrong". The only option is Log Out. 
Lots of errors in /var/log/messages:

...
Dec 12 13:41:02 dhcp-254-197 systemd: Started Modem Manager.
Dec 12 13:41:02 dhcp-254-197 dbus-daemon: dbus[665]: [system] Rejected send
message, 1 matched rules; type="method_call", sender=":1.10" (uid=0 pid=886
comm="/usr/sbin/NetworkManager --no-daemon ")
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error
name="(unset)" requested_reply="0" destination=":1.129" (uid=0 pid=16857
comm="/usr/sbin/ModemManager ")
Dec 12 13:41:02 dhcp-254-197 NetworkManager: (NetworkManager:886):
GLib-GIO-WARNING **: Error calling GetManagedObjects() when name owner :1.129
for name org.freedesktop.ModemManager1 came back:
GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1
matched rules; type="method_call", sender=":1.10" (uid=0 pid=886
comm="/usr/sbin/NetworkManager --no-daemon ")
interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error
name="(unset)" requested_reply="0" destination=":1.129" (uid=0 pid=16857
comm="/usr/sbin/ModemManager ")
Dec 12 13:41:02 dhcp-254-197 ModemManager[16857]: <warn>  Could not acquire the
'org.freedesktop.ModemManager1' service name
Dec 12 13:41:02 dhcp-254-197 ModemManager[16857]: <info>  ModemManager is shut
down
Dec 12 13:41:02 dhcp-254-197 gnome-session[14809]: dconf-CRITICAL: unable to
create directory '/run/user/0/dconf': Åtkomst nekas.  dconf will not work
properly.
Dec 12 13:41:27 dhcp-254-197 gnome-session[14809]: message repeated 106 times:
[dconf-CRITICAL: unable to create directory '/run/user/0/dconf': Åtkomst nekas.
 dconf will not work properly.]
Dec 12 13:41:27 dhcp-254-197 dbus-daemon: dbus[665]: [system] Failed to
activate service 'org.freedesktop.ModemManager1': timed out
Dec 12 13:41:27 dhcp-254-197 dbus[665]: [system] Failed to activate service
'org.freedesktop.ModemManager1': timed out
Dec 12 13:41:30 dhcp-254-197 gnome-session[14809]: dconf-CRITICAL: unable to
create directory '/run/user/0/dconf': Åtkomst nekas.  dconf will not work
properly.
...


* 218 packages of KDE stuff can be installed with: 
yum groupinstall "KDE Plasma Workspaces"

This enables the KDE profile, which actually works, although the initial
session size was very strange.
------- Comment #3 From cendio 2014-08-21 16:17:48 -------
RHEL 7 was released on June 10, 2014.
------- Comment #4 From cendio 2014-08-22 09:50:48 -------
The SELinux policy build environment are missing from a minimal install, making
the SELinux installer fail. Bug 4313 is about handling this case by for example
offering to install the missing package.
------- Comment #5 From cendio 2014-08-27 10:53:25 -------
(In reply to comment #1)
> * By default, no executable profiles cannot be found. 929 packages with X11
> stuff can be installed with: yum groupinstall "Server with GUI". After doing
> this, the profile "gnome-3" is activated. However, it doesn't work. First, the
> screen is blank for several minutes, Then a gray/disabled dialog about
> languages is presented. After about 10 minutes, another screen is presented
> with "Oh no! Something has gone wrong". The only option is Log Out. 
> Lots of errors in /var/log/messages:

Can't reproduce this. I installed the graphical-server-environment group and
both the Gnome and Gnome Classic profiles became available, and works out of
the box.
------- Comment #6 From cendio 2014-08-27 10:56:12 -------
(In reply to comment #2)
> * After a standard installation, vsmagent cannot create any sessions:
> 
> 2013-12-12 13:18:53 WARNING tl-session: pam_open_session failed: 14 (Cannot
> make/remove an entry for the specified session)
> 
> Apparently, the solution on bug 4634 did not work. Commenting out pam_loginuid
> fixes this problem. 

Can't reproduce any longer, so I suppose the solution for 4634 actually worked
after all.
------- Comment #7 From cendio 2014-09-02 16:54:24 -------
Problems with detecting installed KDE found and reported as bug 5239.
------- Comment #8 From cendio 2014-09-09 13:03:04 -------
After quite a bit of testing, I'm confident that there are no major issues
left.

Some notes:


There are no desktop environments installed after the default minimal install.
Gnome, Gnome Classic and KDE are available after installing extra packages.

 - Gnome :: yum groupinstall graphical-server-environment
 - KDE :: yum groupinstall kde-desktop

Additionally, EPEL provides these desktop environments:

 - XFCE :: yum groupinstall xfce-desktop
 - Mate ::  yum groupinstall mate-desktop-environment
 - Cinnamon :: yum install cinnamon


When printing to nearest, a warning shows up in the desktop environment and
this following SELinux AVC shows up in the log:

> type=AVC msg=audit(1409906549.883:6665): avc:  denied  { write } for  pid=54979 comm="python-thinlinc" name="webaccess.hconf" dev="dm-0" ino=102197015 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
> type=SYSCALL msg=audit(1409906549.883:6665): arch=c000003e syscall=21 success=no exit=-13 a0=1fa2b60 a1=2 a2=7f61620dff88 a3=642e666e6f632f63 items=0 ppid=18452 pid=54979 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="python-thinlinc" exe="/usr/bin/python2.7" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

This has been reported as bug 5243.


After installing the SELinux policy development files (bug 4313), the SELinux
install script worked just fine, and I was still able to create sessions for
all of Gnome, KDE, XFCE, Mate and Cinnamon. A few AVC:s showed up in the log
however:

> type=AVC msg=audit(1409813420.522:6429): avc:  denied  { search } for  pid=39328 comm="tl-session" name=".X11-unix" dev="dm-0" ino=67598451 scontext=system_u:system_r:thinlinc_session_t:s0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
> type=SYSCALL msg=audit(1409813420.522:6429): arch=x86_64 syscall=connect success=no exit=EACCES a0=4 a1=7fffec9115b0 a2=13 a3=656572662e67726f items=0 ppid=1629 pid=39328 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=799 comm=tl-session exe=/opt/thinlinc/libexec/tl-session subj=system_u:system_r:thinlinc_session_t:s0 key=(null)

These has been reported as bug 5249 internally as well as to upstream - see the
bug report for details.
------- Comment #9 From cendio 2014-10-07 14:15:44 -------
*** Bug 5264 has been marked as a duplicate of this bug. ***
------- Comment #10 From cendio 2014-10-14 13:57:58 -------
Works as expected, a lot of testing has been performed while testing dependent
bugs for this one.
------- Comment #11 From cendio 2014-10-16 11:18:25 -------
HA functionality becomes disabled upon restart of RHEL7 server, see bug #5311
for the orginal problem.

We need to find a workaround which means that when vsmserver is started,
network needs to be configured and up.

- One workaround is to disable the service NetworkManager
------- Comment #12 From cendio 2014-10-16 13:30:21 -------
(In reply to comment #11)
> HA functionality becomes disabled upon restart of RHEL7 server, see bug #5311
> for the orginal problem.
> 
> We need to find a workaround which means that when vsmserver is started,
> network needs to be configured and up.
> 
> - One workaround is to disable the service NetworkManager

- Create the directory /etc/systemd/system/vsmserver.service.wants containing
  a symlink to /usr/lib/systemd/system/network-online.target.

  Works with NetworkManager enabled / disabled.
------- Comment #13 From cendio 2014-10-16 14:49:21 -------
(In reply to comment #12)
> (In reply to comment #11)
> > HA functionality becomes disabled upon restart of RHEL7 server, see bug #5311
> > for the orginal problem.
> > 
> > We need to find a workaround which means that when vsmserver is started,
> > network needs to be configured and up.
> > 
> > - One workaround is to disable the service NetworkManager
> 
> - Create the directory /etc/systemd/system/vsmserver.service.wants containing
>   a symlink to /usr/lib/systemd/system/network-online.target.
> 
>   Works with NetworkManager enabled / disabled.

Platform specific notes updated with documented workaround in commit 29510.
------- Comment #14 From cendio 2014-10-16 15:15:55 -------
(In reply to comment #13)
> (In reply to comment #12)
> > (In reply to comment #11)
> > > HA functionality becomes disabled upon restart of RHEL7 server, see bug #5311
> > > for the orginal problem.
> > > 
> > > We need to find a workaround which means that when vsmserver is started,
> > > network needs to be configured and up.
> > > 
> > > - One workaround is to disable the service NetworkManager
> > 
> > - Create the directory /etc/systemd/system/vsmserver.service.wants containing
> >   a symlink to /usr/lib/systemd/system/network-online.target.
> > 
> >   Works with NetworkManager enabled / disabled.
> 
> Platform specific notes updated with documented workaround in commit 29510.

Updated www.cendio.se and verified that all is ok.
------- Comment #15 From cendio 2014-10-17 14:57:07 -------
padsp script from pulseaudio-utils is broken which makes sound redirection fail
when connecting to WTS backend.

Upstream bug created:

https://bugzilla.redhat.com/show_bug.cgi?id=1154072

We should probably update our platform specific notes with workaround.
------- Comment #16 From cendio 2014-10-22 11:09:35 -------
(In reply to comment #15)
> padsp script from pulseaudio-utils is broken which makes sound redirection fail
> when connecting to WTS backend.
> 
> Upstream bug created:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1154072
> 
> We should probably update our platform specific notes with workaround.

Platform specific note sent to sales@... so they can update the web pages.
------- Comment #17 From cendio 2014-10-29 15:00:20 -------
(In reply to comment #16)
> (In reply to comment #15)
> > padsp script from pulseaudio-utils is broken which makes sound redirection fail
> > when connecting to WTS backend.
> > 
> > Upstream bug created:
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1154072
> > 
> > We should probably update our platform specific notes with workaround.
> 
> Platform specific note sent to sales@... so they can update the web pages.

Verified update page on www.cendio.com, looks great.