Disabling selinux for the overcloud will disable it on the undercloud

Bug #1874828 reported by Alex Schultz
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Medium
Assigned to: Alex Schultz

Bug Description

'overcloud deploy' overrides any change made to the selinux configuration on the undercloud and reverts it to whatever is in the overcloud templates.

Reproducer:

1. deploy undercloud with undercloud_enable_selinux = false in the [DEFAULT] section of undercloud.conf
2. verify selinux is in permissive mode
3. deploy/redeploy the overcloud
4. verify selinux is back to enforcing
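
The "verify" steps in the reproducer can be scripted as a before/after check. The following is an added example, not part of the original report or of TripleO: the function names and the state file are hypothetical, while /etc/selinux/config and getenforce are the standard SELinux config path and tool.

```shell
#!/bin/sh
# Added example: detect a change in the undercloud's SELinux mode across an
# 'overcloud deploy'. Function names and the state file are hypothetical.

# Persistent mode from the config file: last uncommented SELINUX= line wins.
# SELINUXTYPE= and commented lines do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' \
        "${1:-/etc/selinux/config}" | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Runtime mode from getenforce, or "unknown" where the tool is not installed.
selinux_runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce | tr '[:upper:]' '[:lower:]'
    else
        echo unknown
    fi
}

# One-line state record: persistent and runtime mode together.
selinux_state() {
    printf 'config=%s runtime=%s\n' \
        "$(selinux_config_mode "${1:-/etc/selinux/config}")" "$(selinux_runtime_mode)"
}

# Run before the deploy. Usage: selinux_snapshot CONFIG STATEFILE
selinux_snapshot() {
    selinux_state "$1" > "$2"
}

# Run after the deploy; returns 1 if the state differs from the snapshot.
# Usage: selinux_check_drift CONFIG STATEFILE
selinux_check_drift() {
    before=$(cat "$2")
    after=$(selinux_state "$1")
    if [ "$before" != "$after" ]; then
        echo "DRIFT: before [$before] after [$after]" >&2
        return 1
    fi
    echo "OK: [$after]"
}

# Constructed demo: a sample config flips from permissive to enforcing.
demo_dir=$(mktemp -d)
printf '# sample\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo_dir/config"
selinux_snapshot "$demo_dir/config" "$demo_dir/state"
printf '# sample\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo_dir/config"
selinux_check_drift "$demo_dir/config" "$demo_dir/state" || echo "deploy changed SELinux"
rm -rf "$demo_dir"
```

On a real undercloud, call `selinux_snapshot /etc/selinux/config STATEFILE` before the deploy and `selinux_check_drift` with the same arguments afterwards; a non-zero exit means the deploy altered the host's SELinux state.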

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.opendev.org/722812

Changed in tripleo:
assignee: nobody → Alex Schultz (alex-schultz)
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.opendev.org/722812
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=07106c501e9e6a8db835a260cdd11fe3945115c1
Submitter: Zuul
Branch: master

commit 07106c501e9e6a8db835a260cdd11fe3945115c1
Author: Alex Schultz <email address hidden>
Date: Fri Apr 24 08:54:30 2020 -0600

    Split out selinux management

    Currently if you have selinux enabled on the undercloud but disable it
    for the overcloud, selinux is disabled on the undercloud during the
    deployment. This can be resolved by only managing the selinux setting
    for the deployment target hosts rather than the all.

    Change-Id: I94b81ea0b954cdba7704720a145b752fa58d4308
    Closes-Bug: #1874828

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/724195

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (stable/train)

Reviewed: https://review.opendev.org/724195
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=0e2426423ad2be736e17bff7406b3854903c32f1
Submitter: Zuul
Branch: stable/train

commit 0e2426423ad2be736e17bff7406b3854903c32f1
Author: Alex Schultz <email address hidden>
Date: Fri Apr 24 08:54:30 2020 -0600

    Split out selinux management

    Currently if you have selinux enabled on the undercloud but disable it
    for the overcloud, selinux is disabled on the undercloud during the
    deployment. This can be resolved by only managing the selinux setting
    for the deployment target hosts rather than the all.

    Change-Id: I94b81ea0b954cdba7704720a145b752fa58d4308
    Closes-Bug: #1874828
    (cherry picked from commit 07106c501e9e6a8db835a260cdd11fe3945115c1)

tags: added: in-stable-train
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-heat-templates 11.4.0

This issue was fixed in the openstack/tripleo-heat-templates 11.4.0 release.
