Foreman imports packstack-puppet-modules RPM, which do not actually contain all of the puppet code necessary to finish setting up horizon. Namely, it is missing a setsebool that allows httpd to run in ENFORCING mode Fix: add the necessary changes to the foreman installer for proper ENFORCING mode on horizon host
(In reply to Jordan OMara from comment #0) > Foreman imports packstack-puppet-modules RPM, which do not actually contain > all of the puppet code necessary to finish setting up horizon. Namely, it is > missing a setsebool that allows httpd to run in ENFORCING mode > > Fix: add the necessary changes to the foreman installer for proper ENFORCING > mode on horizon host I'm missing some info regarding this fix. 1. Where is this boolean located? (What was added exactly? a file? a line in a file? a package?) 2. Can you provide a URL for the fix commit?
Verified : ruby193-openstack-foreman-installer-0.0.18-2.el6ost.x86_64 [root@virtlab-cloud-13 ~]# getsebool httpd_can_network_connect httpd_can_network_connect --> on && horizon works in ENFORCING mode after policy installation @nir : upstream commit: https://github.com/jsomara/astapor/commit/1de29090a96387a5291c6fef40c248cf321c7a39 uses puppet to manually flip the selinux bool
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1020.html