| Summary: | Selinux in Enforcing Mode breaks tftpboot | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Francisco Javier Lopez Y Grueber <flg> | ||||
| Component: | rhosp-director | Assignee: | Angus Thomas <athomas> | ||||
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Omri Hochman <ohochman> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 9.0 (Mitaka) | CC: | aschultz, bfournie, dbecker, flg, mburns, morazi, rhel-osp-director-maint | ||||
| Target Milestone: | --- | Flags: | dtantsur:
needinfo?
(flg) |
||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-09-25 21:52:01 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
Hi! Is it still a problem? If so, could you try applying similar change to what we had in https://github.com/openstack/instack-undercloud/blob/mitaka-eol/elements/ipxe/post-install.d/86-selinux? Hi, any update on this? Closing this as no response to request in 5 months. |
Created attachment 1225325 [details] Selinux Issue OSPD9: tftpboot Description of problem: We are seing permission denied errors under /tftpboot/pxelinux.cfg Before disabling selinux we saw this: Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/44454c4c-5400-1054-8046-c6c04f5a3732 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: cannot access /tftpboot/pxelinux.cfg/01-a0-36-9f-7f-ae-6c: Permission denied Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94060224 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9406022 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/940602 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94060 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9406 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/940 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9 not found Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/default not found Nov 28 14:07:03 cci06-util01.cloud.internal dnsmasq-tftp[1799]: error 0 TFTP Aborted received from 148.6.2.39 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Delete Failed Stack 2. enable selinux setenforce 1 3. Redeploy stack Actual results: None of the hosts receive an IP Address. The logs show permission denied as shown above Expected results: All selected nodes get an IP. Deployment succeeds. Additional info: After disabling Selinux the deployment still fails as only two of the requested stack nodes are picked up properly. [3 Controllers + 4 Computes are requested] As a side node: This is an already "working" configuration ported to OSPD9. On the ospd8 node we have the same nodes tagged with equal properties. As the attached txt file shows. Even after disabling selinux there is still a remaining "file not found message".