1941052 – 16.1z3 to 16.1z4 minor update on Director node causing some Selinux issues.

Bug 1941052 - 16.1z3 to 16.1z4 minor update on Director node causing some Selinux issues.

Summary: 16.1z3 to 16.1z4 minor update on Director node causing some Selinux issues.

Keywords:
Status:	CLOSED DUPLICATE of bug 1941412
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-swift-plugin-swift3
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Pete Zaitcev
QA Contact:	Mike Abrams
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-03-19 20:20 UTC by Shravan Kumar Tiwari
Modified:	2021-03-24 15:34 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-03-24 15:34:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Shravan Kumar Tiwari 2021-03-19 20:20:55 UTC

A minor update from OSP16.1 z3 -> z4 started and and started on director node.

The "openstack undercloud upgrade" ran fine.

But further commands like  "openstack overcloud image upload --update-existing --image-path /home/stack/images/" and "openstack overcloud node configure $(openstack baremetal node list -c UUID -f value)" are  not working anymore.


Logs from glance/swift it seems like some permissions are missing.



Additional Information:

When did some comparison between an cloud that is in z3 and z4, a difference in selinux contexts on this path observed as shown below:

On a working z3:
===================
 [root@dir001 stack]# ls -lZ /srv/
total 0
drwxr-xr-x. 3 42445 42445 system_u:object_r:container_file_t:s0 16 Jan 15 12:40 node
 [root@dir001 stack]# ls -lZ /srv/node/
total 0
drwxr-xr-x. 7 42445 42445 system_u:object_r:container_file_t:s0 87 Jan  4 15:53 d1
 [root@dir001 stack]# ls -lZ /srv/node/d1/
total 72
drwxr-xr-x.    5 42445 42445 system_u:object_r:container_file_t:s0    39 Jan  4 14:48 accounts
drwxr-xr-x.    2 42445 42445 system_u:object_r:container_file_t:s0     6 Mar 19 09:21 async_pending
drwxr-xr-x.  925 42445 42445 system_u:object_r:container_file_t:s0 16384 Mar 19 09:10 containers
drwxr-xr-x. 1026 42445 42445 system_u:object_r:container_file_t:s0 20480 Feb  5 12:51 objects
drwxr-xr-x.    2 42445 42445 system_u:object_r:container_file_t:s0     6 Mar 19 09:19 tmp

On a broken z4:
======================
[root@dir001 stack]# ls -lZ /srv/
total 0
drwxr-xr-x. 3 42445 42445 system_u:object_r:container_file_t:s0 16 Mar  2 13:46 node
[root@dir001 stack]# ls -lZ /srv/node/
total 0
drwxr-xr-x. 7 42445 42445 system_u:object_r:swift_data_t:s0 87 Mar  2 15:21 d1
[root@dir001 stack]# ls -lZ /srv/node/d1/
total 56
drwxr-xr-x.    5 42445 42445 system_u:object_r:swift_data_t:s0    39 Mar  2 14:06 accounts
drwxr-xr-x.    2 42445 42445 system_u:object_r:swift_data_t:s0     6 Mar 19 11:25 async_pending
drwxr-xr-x.  469 42445 42445 system_u:object_r:swift_data_t:s0  8192 Mar 19 11:23 containers
drwxr-xr-x. 1026 42445 42445 system_u:object_r:swift_data_t:s0 20480 Mar 18 16:20 objects
drwxr-xr-x.    2 42445 42445 system_u:object_r:swift_data_t:s0     6 Mar 19 11:24 tmp


Tried changing selinux to permissive:
=======================================

Just for a test customer placed selinux to permissive mode to have a look if it solves the issue and it does.
So it looks like the upgrade process has broken some of the selinux permissions.

Comment 2 Pete Zaitcev 2021-03-23 14:17:36 UTC

This appears to be a duplicate of bug 1941412, see comment
https://bugzilla.redhat.com/show_bug.cgi?id=1941412#c3

Comment 3 Laura Marsh 2021-03-24 15:34:12 UTC


*** This bug has been marked as a duplicate of bug 1941412 ***

Note You need to log in before you can comment on or make changes to this bug.