Bug 1399238 - Selinux in Enforcing Mode breaks tftpboot [NEEDINFO]
Summary: Selinux in Enforcing Mode breaks tftpboot
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 9.0 (Mitaka)
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Angus Thomas
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-11-28 15:49 UTC by Francisco Javier Lopez Y Grueber
Modified: 2017-09-25 21:52 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-25 21:52:01 UTC
Target Upstream Version:
dtantsur: needinfo? (flg)


Attachments
Selinux Issue OSPD9: tftpboot (10.09 KB, text/plain)
2016-11-28 15:49 UTC, Francisco Javier Lopez Y Grueber

Description Francisco Javier Lopez Y Grueber 2016-11-28 15:49:41 UTC
Created attachment 1225325
Selinux Issue OSPD9: tftpboot

Description of problem:

We are seeing permission denied errors under /tftpboot/pxelinux.cfg

Before disabling selinux we saw this: 


Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/44454c4c-5400-1054-8046-c6c04f5a3732 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: cannot access /tftpboot/pxelinux.cfg/01-a0-36-9f-7f-ae-6c: Permission denied
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94060224 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9406022 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/940602 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94060 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9406 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/940 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/default not found
Nov 28 14:07:03 cci06-util01.cloud.internal dnsmasq-tftp[1799]: error 0 TFTP Aborted received from 148.6.2.39

Version-Release number of selected component (if applicable):


How reproducible:

Always

Steps to Reproduce:
1. Delete Failed Stack
2. enable selinux 

setenforce 1 

3. Redeploy stack

Actual results:

None of the hosts receive an IP Address. The logs show permission denied as shown above 

Expected results:

All selected nodes get an IP. Deployment succeeds. 

Additional info:

After disabling Selinux the deployment still fails as only two of the requested stack nodes are picked up properly. [3 Controllers + 4 Computes are requested]

As a side note:

This is an already "working" configuration ported to OSPD9. On the ospd8 node we have the same nodes tagged with equal properties. 

As the attached txt file shows, even after disabling selinux there is still a remaining "file not found message".
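
The log excerpt in the description follows the PXELINUX configuration lookup order (client UUID, `01-` plus MAC address, hex IPv4 address shortened one digit at a time, then `default`), so most "not found" lines are ordinary fallback probes and the "Permission denied" line is the one that reflects an access-control decision. The Python below is an added example, not part of the bug report or of any Red Hat tooling; `describe` and `triage` are hypothetical helper names, and the sample lines are copied from the log above.

```python
import re

# dnsmasq-tftp messages copied from the report above (subset).
SAMPLE = """\
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/44454c4c-5400-1054-8046-c6c04f5a3732 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: cannot access /tftpboot/pxelinux.cfg/01-a0-36-9f-7f-ae-6c: Permission denied
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/94060224 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/9406 not found
Nov 28 13:52:33 cci06-util01.cloud.internal dnsmasq-tftp[1799]: file /tftpboot/pxelinux.cfg/default not found
"""

MISSING = re.compile(r"dnsmasq-tftp\[\d+\]: file (\S+) not found")
DENIED = re.compile(r"dnsmasq-tftp\[\d+\]: cannot access (\S+): Permission denied")
UUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
MAC = re.compile(r"01((-[0-9a-f]{2}){6})", re.I)  # 01 = ARP hardware type Ethernet


def describe(path):
    """Map a pxelinux.cfg file name to the lookup step that requested it."""
    name = path.rsplit("/", 1)[-1]
    if name == "default":
        return ("default", None)
    if UUID.fullmatch(name):
        return ("uuid", name.lower())
    m = MAC.fullmatch(name)
    if m:
        return ("mac", m.group(1)[1:].replace("-", ":").lower())
    if re.fullmatch(r"[0-9A-F]{1,8}", name):
        # All 8 hex digits encode the client's IPv4 address; shorter names are prefixes.
        ip = None
        if len(name) == 8:
            ip = ".".join(str(int(name[i:i + 2], 16)) for i in range(0, 8, 2))
        return ("hex-ip", ip)
    return ("other", None)


def triage(log_text):
    """Split TFTP failures into expected fallback misses and access denials."""
    result = {"denied": [], "missing": [], "client_ip": None}
    for line in log_text.splitlines():
        for key, rx in (("denied", DENIED), ("missing", MISSING)):
            m = rx.search(line)
            if m:
                kind, value = describe(m.group(1))
                result[key].append((kind, m.group(1)))
                if kind == "hex-ip" and value:
                    result["client_ip"] = value
    return result
```

On an enforcing host, the path returned under `denied` is the one whose file mode and SELinux label (`ls -Z`) are worth comparing against what the dnsmasq process is allowed to read.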

Comment 1 Dmitry Tantsur 2017-05-09 10:42:58 UTC
Hi! Is it still a problem? If so, could you try applying a similar change to what we had in https://github.com/openstack/instack-undercloud/blob/mitaka-eol/elements/ipxe/post-install.d/86-selinux?

Comment 2 Bob Fournier 2017-08-26 00:48:14 UTC
Hi, any update on this?

Comment 3 Bob Fournier 2017-09-25 21:52:01 UTC
Closing this as no response to request in 5 months.

