Description of problem: I tried to install using the instructions at http://openstack.redhat.com/Quickstart on a freshly installed "minimum install" of Fedora 19. The installation failed twice. I disabled selinux, "setenforce 0", and tried again with success. Checking the audit log after the successful completion, I see that most of the denials claim that they're now allowed. This looks like it might be a puppet resource ordering problem. Version-Release number of selected component (if applicable): openstack-packstack-2013.2.1-0.12.dev806.fc20.noarch Actual results: connect: No such file or directory Please make sure that the zfs-fuse daemon is running. internal error: failed to initialize ZFS library connect: No such file or directory Please make sure that the zfs-fuse daemon is running. internal error: failed to initialize ZFS library Error: Could not start Service[openvswitch]: Execution of '/sbin/service openvswitch start' returned 1: Error: /Stage[main]/Vswitch::Ovs/Service[openvswitch]/ensure: change from stopped to running failed: Could not start Service[openvswitch]: Execution of '/sbin/service openvswitch start' returned 1: # audit2allow < /var/log/audit/audit.log #============= glance_api_t ============== #!!!! This avc is allowed in the current policy allow glance_api_t amqp_port_t:tcp_socket name_connect; #============= nagios_t ============== #!!!! This avc is allowed in the current policy allow nagios_t nagios_log_t:dir { read remove_name }; #!!!! This avc is allowed in the current policy allow nagios_t nagios_log_t:file { read write rename unlink }; #============= nrpe_t ============== #!!!! This avc is allowed in the current policy allow nrpe_t proc_t:file { read getattr open }; #!!!! This avc is allowed in the current policy allow nrpe_t var_t:dir read; #============= swift_t ============== allow swift_t file_t:dir { read getattr open }; #!!!! This avc is allowed in the current policy allow swift_t self:tcp_socket accept; #!!!! This avc is allowed in the current policy allow swift_t var_t:dir { write remove_name add_name }; allow swift_t var_t:file { rename read lock create write getattr unlink open };
I'll have to check whether openstack-selinux is correctly installed. If it were, this wouldn't be a packstack bug.
Actually, this isn't a RHOS issue but RDO. Moving it to the right product.
By any chance do you still have installation logs? Please check /var/tmp/packstack/<timestamp>-<hash>/manifests and attach any file named <IP>_<failed-manifest>.pp.log to this bug.
(In reply to Joe Julian from comment #0) > Description of problem: > I tried to install using the instructions at > http://openstack.redhat.com/Quickstart on a freshly installed "minimum > install" of Fedora 19. The installation failed twice. > > I disabled selinux, "setenforce 0", and tried again with success. > > Checking the audit log after the successful completion, I see that most of > the denials claim that they're now allowed. This looks like it might be a > puppet resource ordering problem. > > Version-Release number of selected component (if applicable): > openstack-packstack-2013.2.1-0.12.dev806.fc20.noarch > Hi Julian, The package you're using is targeting Fedora 20. This isn't an issue anymore with Fedora 20 which is the currently supported Fedora version for current RDO. Besides workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1066112 - The issing log file issue for mariadb. Regards, Gilles PS: Note workaround for mariabdb
I gave up and installed by hand.