Bug 1084918

Summary: unable to login to horizon - selinux blocks port 5000
Product: [Community] RDO Reporter: Amit Ugol <augol>
Component: openstack-selinuxAssignee: Ryan Hallisey <rhallise>
Status: CLOSED NOTABUG QA Contact: Ofer Blaut <oblaut>
Severity: high Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: apevec, augol, mgrepl, yeylon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-23 21:48:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Amit Ugol 2014-04-07 08:58:27 UTC 
Description of problem:
cannot login to horizon with any user. port 5000 is inaccessible.
disabling selinux fixes this. re-enabling it will block it again.

Version-Release number of selected component (if applicable):
list of OpenStack packages installed:
http://pastebin.test.redhat.com/201719

list of selinux-policy packages installed:
selinux-policy-3.12.1-151.el7.noarch
selinux-policy-targeted-3.12.1-151.el7.noarch

uname -a:
Linux puma36.scl.lab.tlv.redhat.com 3.10.0-119.el7.x86_64 #1 SMP Thu Apr 3 11:20:15 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux

How reproducible:
always

Steps to Reproduce:
1. provision rhel7, update to latest.
2. install packstack
3. perform all-in-one

Actual results:
cannot log in to horizon

Expected results:
!Actual

Additional info:
Horizon log:
2014-04-07 08:19:56,197 18007 DEBUG openstack_auth.backend Authorization Failed: Unable to establish connection to http://10.35.160.81:5000/v2.0/tokens
2014-04-07 08:19:56,197 18007 WARNING openstack_auth.forms Login failed for user "admin".
Comment 1 Ryan Hallisey 2014-04-21 18:33:34 UTC 
I need /var/log/audit/audit.log to debug and fix this problem
Comment 2 Amit Ugol 2014-06-09 11:13:07 UTC 
must have missed it, but I don't think it is relevant anymore. forthermore the servers I tested with have been reprovisioned many times since.