SELinux context overrides fail for neutron install on metal

Bug #1792050 reported by Jeff Albert on 2018-09-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Guilherme Steinmuller Pimentel

Bug Description

Non-container hosts on which neutron services are installed fail during neutron installation with an error like the following:

fatal: [host01]: FAILED! => {"changed": false, "failed": true, "msg": "ValueError: File spec /openstack/log/host01-neutron(/.*)? conflicts with equivalency rule '/openstack/log /var/log'; Try adding '/var/log/host01-neutron(/.*)?' instead\n"}

Somewhere earlier in the installation, an SELinux equivalency context rule was set matching /openstack/log with /var/log; that causes this error to arise when the neutron-specific rule conflicts with the equivalency rule.

Manually removing the equivalency rule on the affected hosts after the failure arises allows a successful re-run of the neutron plays.

Mohammed Naser (mnaser) on 2018-09-18
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Guilherme Steinmuller Pimentel (guilhermesp)

Submitter: Zuul
Branch: stable/queens

commit baf17001b8d7afca87907aef47eca4fde4747ca1
Author: Mohammed Naser <email address hidden>
Date: Sun Aug 26 01:21:48 2018 -0400

    Drop SELinux support for CentOS 7

    We do not have a maintainer at the moment for SELinux and hopefully
    we will adopt the upstream openstack-selinux package, but for now
    in order to let deploys in environments where SELinux is set to
    permissive work, we'll have to remove these bits.

    This change can be reverted whenever we have a maintainer that's
    available to do the work required.

    Closes-Bug: 1792050
    Change-Id: I4c7b6a9c0d8ec1458a9396422d047e1327bb4d45
    (cherry picked from commit 084559b8cf7c7fe2b7e6a530e6f6da804d38e056)

tags: added: in-stable-queens
Mohammed Naser (mnaser) wrote :
Changed in openstack-ansible:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers