Bug 1396889

Summary: [Doc][rhsc] Enable boolean for Nagios + IPA integration
Product: Red Hat Gluster Storage Reporter: Sweta Anandpara <sanandpa>
Component: doc-Administration_GuideAssignee: Divya <divya>
Status: CLOSED CURRENTRELEASE QA Contact: Sweta Anandpara <sanandpa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rhgs-3.2CC: asriram, divya, lvrabec, mgrepl, mmalik, plautrba, pvrabec, qe-baseos-security, rcyriac, rhinduja, rhs-bugs, rhsc-qe-bugs, rwheeler, sanandpa, sankarshan, shtripat, ssekidde, storage-doc, storage-qa-internal
Target Milestone: ---   
Target Release: RHGS 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1396886 Environment:
Last Closed: 2017-03-24 10:21:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1396886    
Bug Blocks: 1351553    

Description Sweta Anandpara 2016-11-21 05:41:41 UTC 
+++ This bug was initially created as a clone of Bug #1396886 +++

Description of problem:
======================
Was following the steps mentioned in the admin guide to integrate nagios and ldap: https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html-single/Administration_Guide/index.html#Integrating_LDAP_Authentication_with_Nagios

Tried logging in to Nagios web UI using the login credentials of AD users, but that failed with 500: Internal Server Error. Set the selinx policy to permissive and login to nagios web UI was successful. 

Seeing the below error in audit logs:
type=AVC msg=audit(1479359600.477:65770): avc:  denied  { name_connect } f      or  pid=3714 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 t      context=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket



Version-Release number of selected component (if applicable):
==============================================================
RHGS 3.2 interim build (3.8.4-5)
selinux-policy-targeted-3.13.1-102.el7_3.4.noarch
selinux-policy-3.13.1-102.el7_3.4.noarch



How reproducible:
=================
2:2


Additional info:
================
[root@dhcp46-239 ~]# rpm -qa | grep gluster
nfs-ganesha-gluster-2.3.1-8.el7rhgs.x86_64
glusterfs-api-3.8.4-5.el7rhgs.x86_64
python-gluster-3.8.4-5.el7rhgs.noarch
glusterfs-client-xlators-3.8.4-5.el7rhgs.x86_64
glusterfs-server-3.8.4-5.el7rhgs.x86_64
glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64
gluster-nagios-common-0.2.4-1.el7rhgs.noarch
glusterfs-devel-3.8.4-5.el7rhgs.x86_64
gluster-nagios-addons-0.2.8-1.el7rhgs.x86_64
glusterfs-libs-3.8.4-5.el7rhgs.x86_64
glusterfs-fuse-3.8.4-5.el7rhgs.x86_64
glusterfs-api-devel-3.8.4-5.el7rhgs.x86_64
glusterfs-rdma-3.8.4-5.el7rhgs.x86_64
glusterfs-3.8.4-5.el7rhgs.x86_64
glusterfs-cli-3.8.4-5.el7rhgs.x86_64
glusterfs-geo-replication-3.8.4-5.el7rhgs.x86_64
glusterfs-debuginfo-3.8.4-4.el7rhgs.x86_64
glusterfs-events-3.8.4-5.el7rhgs.x86_64
[root@dhcp46-239 ~]# 
[root@dhcp46-239 ~]# 
[root@dhcp46-239 ~]# gluster peer status
Number of Peers: 3

Hostname: 10.70.46.240
Uuid: 72c4f894-61f7-433e-a546-4ad2d7f0a176
State: Peer in Cluster (Connected)

Hostname: 10.70.46.242
Uuid: 1e8967ae-51b2-4c27-907e-a22a83107fd0
State: Peer in Cluster (Connected)

Hostname: 10.70.46.218
Uuid: 0dea52e0-8c32-4616-8ef8-16db16120eaa
State: Peer in Cluster (Connected)
[root@dhcp46-239 ~]# 
[root@dhcp46-239 ~]# 
[root@dhcp46-239 ~]#
Comment 2 Sweta Anandpara 2016-11-23 09:12:58 UTC 
Doc URL
=========
https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html-single/Administration_Guide/index.html#Integrating_LDAP_Authentication_with_Nagios

Section name:
=============
18.5.4. Integrating LDAP Authentication with Nagios

Change required:
===============
Change the existing step5 to step6.
And add whatever is written below as /new/ step5

Enable boolean httpd_can_connect_ldap if not enabled
getsebool httpd_can_connect_ldap
setsebool httpd_can_connect_ldap on
Comment 3 Divya 2017-01-27 07:05:45 UTC 
(In reply to Sweta Anandpara from comment #2)

Sweta,

I have updated the documentation based on Comment 2.

Link to the doc: http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.2-Administration_Guide-branch-BZ-1396889-Nagios_updates/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#Integrating_LDAP_Authentication_with_Nagios

Please review and let me know if the changes are fine.
Comment 4 Sweta Anandpara 2017-02-06 09:05:30 UTC 
Looks good.
Comment 5 Divya 2017-02-07 08:51:59 UTC 
Thanks Sweta, merged and setting the bug ON_QA.


Added a new step to enable the httpd_can_connect_ldap boolean: http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.2-Administration_Guide-branch-master/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#Integrating_LDAP_Authentication_with_Nagios

Please note that this branch does not yet contain all merges for RHGS 3.2.
Comment 6 Sweta Anandpara 2017-03-08 05:54:34 UTC 
Changes look good. Moving this BZ to verified in 3.2.
Comment 7 Rejy M Cyriac 2017-03-24 10:21:34 UTC 
RHGS 3.2.0 GA completed on 23 March 2017