Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Found the problem. Since i hadn't deployed the server myself, i didn't know that the SELinux preferences weren't changed. They were left to enforcing, when everybody from openstack says that it should be set to permissive. Also, found out that it might not hurt to set the static folder so that the owner is apache. Here's the email i sent out to all my colleagues using the same openstack deployment. It includes bugfix and description of the problem:

Compressor.py, a component of Horizon that, when the user requests a website, dynamically generates html, css and js files, compresses them to make the payload smaller and then sends them back to the user, is blocked by SELinux on the server. That happens because SELinux is set to enforce it’s security policies and thus doesn’t allow compressor.py to generate it’s files. That’s why sometimes we get weirdly formatted sites or not working buttons. Openstack docs recommend setting SELinux to permissive (https://openstack.redhat.com/SELinux_issues). All of the guides online on deploying openstack also suggest doing this.

This may also sometimes be caused because the static directory in our server (the directory, that compressor.py saves files to) has wrong permissions and owners. The owner needs to be set to apache, so that the server has access to those files, as suggested by people who adapted WSGI module for Apache (https://code.google.com/p/modwsgi/wiki/ApplicationIssues#Access_Rights_Of_Apache_User ). Here’s how to change those two things.

# start your openstack controller virtual machine.
$ cd /usr/share/openstack-dashboard
# set all of the right ownerships and permissions
$ sudo chmod -R 755 static
$ sudo chown -R apache:apache static
# check if SELinux is enforcing it's policies
$ sestatus
# ”current mode” should be permissive, if it is enforcing, do
$ vim /etc/sysconfig/selinux
# on line 7 change "enforcing" to "permissive"
# and then restart your machine
$ sudo shutdown -r now
# when the machine has restarted and is running, open
# http://192.168.56.101/dashboard/ in your browser and login
# you should be able to access http://192.168.56.101/dashboard/neo/
# without any OSErrors thrown, or weird formatting

This bugfix may stay unapplied, but then you have to be ready for weird formatting (caused by non-generated css) and if your deployment is running in debug mode, then even full on error messages on compressor.py throwing OSErrors, because it isn’t allowed to generate files.