Bug 1241422
Summary: | SElinux is set as Enforcing in the Ceph OSD nodes | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Yogev Rabl <yrabl> |
Component: | rhosp-director | Assignee: | Jiri Stransky <jstransk> |
Status: | CLOSED ERRATA | QA Contact: | Yogev Rabl <yrabl> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | Director | CC: | calfonso, dmacpher, jstransk, mburns, ohochman, rhel-osp-director-maint, rrosa |
Target Milestone: | ga | ||
Target Release: | Director | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openstack-tripleo-heat-templates-0.8.6-37.el7ost | Doc Type: | Bug Fix |
Doc Text: |
SELinux was set to enforcing mode on Ceph OSD nodes. However, according to official Ceph documentation, SELinux should be set to permissive mode on Ceph OSD nodes. This fix sets SELinux to permissive on Ceph OSD nodes.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-05 13:58:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Yogev Rabl
2015-07-09 08:20:41 UTC
Jiri, Please update this with the latest status. This only impacts OSD nodes, not monitor nodes. WIP patch submitted but needs proper testing to be considered working (not moving to ON_DEV yet). https://review.openstack.org/201259 Submitted a backport and tested deployment with a Ceph node: [root@overcloud-cephstorage-0 ~]# cat /etc/selinux/config | grep '^SELINUX=' SELINUX=permissive [root@overcloud-cephstorage-0 ~]# getenforce Permissive Verified with openstack-tripleo-heat-templates-0.8.6-44.el7ost.noarch : [stack@rhos-compute-node-18 ~]$ nova list +--------------------------------------+-------------------------+--------+------------+-------------+-----------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+-------------------------+--------+------------+-------------+-----------------------+ | 02a0e351-0b6d-4f3c-b589-926d4a9b3eea | overcloud-cephstorage-0 | ACTIVE | - | Running | ctlplane=192.168.0.19 | | 18cf391e-7afb-4b55-a5dc-06b75cfb4876 | overcloud-compute-0 | ACTIVE | - | Running | ctlplane=192.168.0.20 | | a847401a-a030-4266-aca2-e8d1cf2889b6 | overcloud-controller-0 | ACTIVE | - | Running | ctlplane=192.168.0.21 | | 08f04db2-4eeb-4dac-a2ba-4a120c9d2140 | overcloud-controller-1 | ACTIVE | - | Running | ctlplane=192.168.0.22 | | c52d985e-7e06-4952-a572-fee4349fd922 | overcloud-controller-2 | ACTIVE | - | Running | ctlplane=192.168.0.23 | +--------------------------------------+-------------------------+--------+------------+-------------+-----------------------+ [stack@rhos-compute-node-18 ~]$ ssh heat-admin.0.19 Last login: Tue Jul 21 08:32:54 2015 from 192.168.0.1 [heat-admin@overcloud-cephstorage-0 ~]$ [heat-admin@overcloud-cephstorage-0 ~]$ [heat-admin@overcloud-cephstorage-0 ~]$ [heat-admin@overcloud-cephstorage-0 ~]$ getenforce Permissive Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2015:1549 |