Bug 1394860

Summary: Overcloud deployment fails due to selinux in enforcing mode
Product: Red Hat OpenStack Reporter: Chris Dearborn <christopher_dearborn>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED WORKSFORME QA Contact: Omri Hochman <ohochman>
Severity: high Docs Contact:
Priority: unspecified    
Version: 10.0 (Newton)CC: arkady_kanevsky, cdevine, christopher_dearborn, dbecker, dcain, John_walsh, kasmith, kurt_hey, mburns, morazi, randy_perryman, rhel-osp-director-maint, smerrow, sreichar
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-16 18:19:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1335596, 1356451    
Attachments:
Description Flags
Overcloud node console, failed PXE boot none

Description Chris Dearborn 2016-11-14 15:24:29 UTC 
Created attachment 1220468 [details]
Overcloud node console, failed PXE boot

Description of problem:
In OSP 10, the overcloud deployment fails where every overcloud node fails to PXE boot with an error like:

pxelinux.cfg/24-6e-96-11-87-c4... Operation not permitted (http://ipxe.org/410c613c)

Version-Release number of selected component (if applicable):
OSP10, 10/31 puddle

How reproducible:
With SELINUX in enforcing mode on the director node, attempt an overcloud deployment.

Steps to Reproduce:
1. Install and configure director setting SELINUX to enforcing.
2. Attempt and overcloud deployment.
3. Note the error above on the console of every overcloud node.

Actual results:
Overcloud fails to deploy.

Expected results:
Overcloud should deploy.

Additional info:
- Setting SELINUX on the director node to permissive resolved the problem.
- With a browser, you can navigate to the following URL successfully:
    http://<ip_of_director>:8088/pxelinux.cfg/
  however, the directory shows as empty
- Navigating to /httpboot/pxelinux.cfg in a shell on the director node and doing an "ls" shows symlinks to the correct PXE configuration for each node
- See attached for an example of the error.
Comment 1 Chris Dearborn 2016-11-16 18:18:35 UTC 
I've verified that this issue has been fixed in the 11/14 puddle.  Closing.