OpenStack-Ansible

SELinux context overrides fail for neutron install on metal

Bug #1792050 reported by Jeff Albert
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Medium
Guilherme Steinmuller Pimentel

Bug Description

Non-container hosts on which neutron services are installed fail during neutron installation with an error like the following:

fatal: [host01]: FAILED! => {"changed": false, "failed": true, "msg": "ValueError: File spec /openstack/log/host01-neutron(/.*)? conflicts with equivalency rule '/openstack/log /var/log'; Try adding '/var/log/host01-neutron(/.*)?' instead\n"}

Somewhere earlier in the installation, an SELinux equivalency context rule was set matching /openstack/log with /var/log; that causes this error to arise when the neutron-specific rule conflicts with the equivalency rule.

Manually removing the equivalency rule on the affected hosts after the failure arises allows a successful re-run of the neutron plays.

Mohammed Naser (mnaser)
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Guilherme Steinmuller Pimentel (guilhermesp)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (stable/queens)

Reviewed: https://review.openstack.org/603472
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_neutron/commit/?id=baf17001b8d7afca87907aef47eca4fde4747ca1
Submitter: Zuul
Branch: stable/queens

commit baf17001b8d7afca87907aef47eca4fde4747ca1
Author: Mohammed Naser <email address hidden>
Date: Sun Aug 26 01:21:48 2018 -0400

    Drop SELinux support for CentOS 7

    We do not have a maintainer at the moment for SELinux and hopefully
    we will adopt the upstream openstack-selinux package, but for now
    in order to let deploys in environments where SELinux is set to
    permissive work, we'll have to remove these bits.

    This change can be reverted whenever we have a maintainer that's
    available to do the work required.

    Closes-Bug: 1792050
    Change-Id: I4c7b6a9c0d8ec1458a9396422d047e1327bb4d45
    (cherry picked from commit 084559b8cf7c7fe2b7e6a530e6f6da804d38e056)

tags: added: in-stable-queens
Revision history for this message
Mohammed Naser (mnaser) wrote :

resolved in https://review.openstack.org/#/q/I4c7b6a9c0d8ec1458a9396422d047e1327bb4d45

Changed in openstack-ansible:
status: Confirmed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron queens-eol

This issue was fixed in the openstack/openstack-ansible-os_neutron queens-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.