Bug 1202944
Summary: | "glance image-list" fails on F21, causing packstack install to fail | ||
---|---|---|---|
Product: | [Community] RDO | Reporter: | Lars Kellogg-Stedman <lars> |
Component: | openstack-selinux | Assignee: | Lon Hohberger <lhh> |
Status: | CLOSED EOL | QA Contact: | Ofer Blaut <oblaut> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | Juno | CC: | eglynn, fpercoco, joe, srevivo |
Target Milestone: | --- | ||
Target Release: | Kilo | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-19 15:54:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lars Kellogg-Stedman
2015-03-17 18:41:39 UTC
Moving under openstack-selinux, this rule should be added there Seeing this on Fedora 22 Server with packstack installing Kilo: type=AVC msg=audit(1439342973.418:343334): avc: denied { name_connect } for pid=15393 comm="glance-api" dest=35357 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:keystone_port_t:s0 tclass=tcp_socket permissive=0 This fixes things without setenforce 0 # setsebool -P glance_api_can_network 1 # /usr/bin/glance --os-tenant-name services --os-username glance --os-password xxxxx --os-region-name soutside --os-auth-url http://xxx:35357/ image-list +----+------+-------------+------------------+------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +----+------+-------------+------------------+------+--------+ +----+------+-------------+------------------+------+--------+ and when rerunning packstack, the install finishes. xxx.xxx.x.xxx_provision_glance: [ DONE ] Finalizing [ DONE ] **** Installation completed successfully ****** This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen. |