Allow to run docker-puppet.py with SELinux enabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Undecided
|
Mike Fedosin |
Bug Description
docker-puppet.py for keepalived and haproxy fails after specifying --selinux-enabled in /etc/sysconfig/
We can see that the failure is caused by:
"+ /usr/bin/puppet apply --summarize --detailed-
"Error: Could not create resources for managing Puppet's files and directories in sections [:main, :agent, :ssl]: Permission denied - /usr/share/
"Error: Could not prepare for execution: Could not create resources for managing Puppet's files and directories in sections [:main, :agent, :ssl]: Permission denied - /usr/share/
"Permission denied - /usr/share/
We can also notice the following SElinux denials which appear to be related:
># grep denied /var/log/
type=AVC msg=audit(
type=AVC msg=audit(
Changed in tripleo: | |
status: | Confirmed → In Progress |
summary: |
- Allow to deploy containerized overcloud with SELinux + Allow to run docker-puppet.py with SELinux enabled |
Related bug description: https:/ /bugzilla. redhat. com/show_ bug.cgi? id=1657321