Description of problem: Permissions issue prevents CSS from rendering. Version-Release number of selected component (if applicable): 2014.2-0.4.b3.fc22 How reproducible: Consistent. Steps to Reproduce: 1. Install the openstack-dashboard package and dependencies. 2. Configure the dashboard. 3. Attempt to load the dashboard using a web browser. Actual results: Dashboard renders without CSS. Expected results: Dashboard renders with CSS. Additional info: After enabling debug in the dashboard configuration, the following error appears in the web browser: Exception Type: OSError Exception Value: [Errno 13] Permission denied: '/usr/share/openstack-dashboard/static/scss' Exception Location: /usr/lib64/python2.7/os.py in makedirs, line 157 Changing ownership of the /usr/share/openstack/static tree to apache:apache resolves the issue.
SELinux is preventing /usr/sbin/httpd from open access on the file . ***** Plugin catchall (100. confidence) suggests ************************** If you believe that httpd should be allowed open access on the file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:var_log_t:s0 Target Objects [ file ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host turing.berg.ol Source RPM Packages httpd-2.4.10-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-188.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name turing.berg.ol Platform Linux turing.berg.ol 3.16.3-200.fc20.x86_64 #1 SMP Wed Sep 17 22:34:21 UTC 2014 x86_64 x86_64 Alert Count 17 First Seen 2014-06-25 12:10:05 CEST Last Seen 2014-10-09 08:32:40 CEST Local ID 0739f667-e91a-4042-8a12-360f7f3506c4 Raw Audit Messages type=AVC msg=audit(1412836360.505:4767): avc: denied { open } for pid=6458 comm="httpd" path="/var/log/horizon/horizon.log" dev="dm-1" ino=4194308 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1412836360.505:4767): arch=x86_64 syscall=open success=no exit=EACCES a0=7f5dad2880b0 a1=441 a2=1b6 a3=0 items=0 ppid=6428 pid=6458 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) Hash: httpd,httpd_t,var_log_t,file,open reporter: setenforce 0 should temporarily fix your issue, does it?
Matthias, 1150902 (and your first response) are talking about /var/log whereas Matt is discussing permissions for /usr/share/openstack-dashboard/static/scss. I'm pretty sure this is a basic permissions problem, not an selinux problem.
This particular issue involves general file permissions, not SELinux permissions. Nothing appears in audit.log about httpd attempting to access this directory structure.
Could you please check, if this is fixed with python-django-horizon-2014.2-1.fc22 ? What did you do to configure the dashboard? In the RDO setup case and when installing via yum install openstack-dashboard, there is no need to write to /usr/share/openstack-dashboard/static/ for httpd.
I have the same issue with openstack-dashboard-2015.1-0.1.b2.el7.centos.noarch after installing with packstack. Changing ownership of the /usr/share/openstack-dashboard/static/dashboard tree to apache:apache resolves the issue.
unfortunately, I wasn't able to reproduce this at all. The question would be: how does this happen? That directory should be read only, no need for the web server to write there at all.
I checked with openstack-dashboard-2015.1-0rc2.el7.centos.noarch and didn't see this problem.
I was able to reproduce. After installation with packstack failed because of missing RPMs I reinstalled and the problem happens again. After restarting httpd - the dashboard looks fine.
*** Bug 1219006 has been marked as a duplicate of this bug. ***
OK, to avoid confusion here: this is about httpd is not restarted after installation via packstack (or another httpd restart required). The error message given by horizon is clearly wrong, as the requested files don't even exist. Speaking of "permission denied" is not correct then.
My comment was for the Kilo release. There is a bug for Kilo: https://bugzilla.redhat.com/show_bug.cgi?id=1219006
This bug is against a version which has reached End of Life. Please reopen if it is still relevant with a latest version: http://releases.openstack.org/