OpenStack-Ansible

SELinux error: keepalived reading haproxy pid file

Bug #1702123 reported by Major Hayden on 2017-07-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack-Ansible	Fix Released	High	Jean-Philippe Evrard

Bug Description

When keepalived tries to read the haproxy PID file, SELinux denies the access. This should be added into the haproxy role.

See original description

Tags:

Major Hayden (rackerhacker) on 2017-07-03

description:

updated

Revision history for this message

Major Hayden (rackerhacker) wrote on 2017-07-03:

PR made for ansible-keepalived -> https://github.com/evrardjp/ansible-keepalived/pull/47

Jean-Philippe Evrard (jean-philippe-evrard) on 2017-07-11

Changed in openstack-ansible:
status:	New → Fix Released
status:	Fix Released → Confirmed
assignee:	Major Hayden (rackerhacker) → Jean-Philippe Evrard (jean-philippe-evrard)
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/494468

Changed in openstack-ansible:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/494468
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=2bf2d65c4dcd17219187fd12014ae87e346199b7
Submitter: Jenkins
Branch: master

commit 2bf2d65c4dcd17219187fd12014ae87e346199b7
Author: Jean-Philippe Evrard <email address hidden>
Date: Thu Aug 17 10:08:01 2017 +0000

Allow Keepalived to read haproxy pid file

Keepalived, luckily for us, currently ship an example file of
a SELinux rule to read haproxy pid.

We could simply use this available file to compile the selinux
rules.

Change-Id: I8e6d811bca7553d82591a6c96f4316377d0d1829
Fixes-Bug: #1702123

Changed in openstack-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/494610

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-17: Fix proposed to openstack-ansible (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/494612

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-18: Fix proposed to openstack-ansible (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/495303

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-21: Change abandoned on openstack-ansible (master)

Change abandoned by Major Hayden (<email address hidden>) on branch: master
Review: https://review.openstack.org/494610
Reason: Well nevermind! Someone bumped OSA master to use ansible-keepalived's master branch. ;)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-23: Fix merged to openstack-ansible (stable/pike)

Reviewed: https://review.openstack.org/495303
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=6c8e2b441d677855769975a771cf08784827b6c2
Submitter: Jenkins
Branch: stable/pike

commit 6c8e2b441d677855769975a771cf08784827b6c2
Author: Major Hayden <email address hidden>
Date: Thu Aug 17 10:37:15 2017 -0500

Bump ansible-keepalived to 3.0.3

This applies the changes that were made in the variable change
from I8e6d811bca7553d82591a6c96f4316377d0d1829.

Closes-Bug: 1702123
Change-Id: I8e87a5285afc52ef6ec9169e1a145b8308f78fcf

tags:

added: in-stable-pike

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-23: Fix merged to openstack-ansible (stable/ocata)

Reviewed: https://review.openstack.org/494612
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=25becb3c09e092001b0789b48d86ea53d20f73bb
Submitter: Jenkins
Branch: stable/ocata

commit 25becb3c09e092001b0789b48d86ea53d20f73bb
Author: Major Hayden <email address hidden>
Date: Thu Aug 17 10:38:46 2017 -0500

Allow Keepalived to read haproxy pid file

    This is a combined backport of the master patch to add a SELinux rule
    that allows keepalived to read haproxy's PID file. It also includes
    a bump of ansible-keepalived to 3.0.2.

Closes-Bug: 1702123
Change-Id: I3e206d0f2de663c9612d15444a827baf166af8d9

tags:

added: in-stable-ocata

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-28: Fix included in openstack/openstack-ansible 15.1.8

#10

This issue was fixed in the openstack/openstack-ansible 15.1.8 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-09-13: Fix included in openstack/openstack-ansible 16.0.0.0rc2

#11

This issue was fixed in the openstack/openstack-ansible 16.0.0.0rc2 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.