Ask Your Question
1

RDO Juno horizon install fails when SELinux is disabled

asked 2014-12-02 11:40:08 -0500

patrickt33 gravatar image

updated 2014-12-11 12:22:11 -0500

smaffulli gravatar image

I swear, it's a different error every time I run this thing. Today's funness:

    10.5.0.11_horizon.pp:                             [ ERROR ]      
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: 10.5.0.11_horizon.pp
Error: /Stage[main]/Main/Selboolean[httpd_can_network_connect]: Could not evaluate: Execution of '/usr/sbin/getsebool httpd_can_network_connect' returned 1: /usr/sbin/getsebool:  SELinux is disabled
You will find full trace in log /var/tmp/packstack/20141202-172512-kb6QTF/manifests/10.5.0.11_horizon.pp.log
Please check log file /var/tmp/packstack/20141202-172512-kb6QTF/openstack-setup.log for more information

The content of the logs has no additional info that looks useful to me. openstack-setup.log

    2014-12-02 17:27:09::ERROR::run_setup::966::root:: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 961, in main
    _main(options,confFile)
  File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 619, in _main
    runSequences()
  File "/usr/lib/python2.7/site-packages/packstack/installer/run_setup.py", line 592, in runSequences
    controller.runAllSequences()
  File "/usr/lib/python2.7/site-packages/packstack/installer/setup_controller.py", line 68, in runAllSequences
    sequence.run(config=self.CONF, messages=self.MESSAGES)
  File "/usr/lib/python2.7/site-packages/packstack/installer/core/sequences.py", line 98, in run
    step.run(config=config, messages=messages)
  File "/usr/lib/python2.7/site-packages/packstack/installer/core/sequences.py", line 38, in run
    self.function(config, messages)
  File "/usr/lib/python2.7/site-packages/packstack/plugins/puppet_950.py", line 242, in apply_puppet_manifest
    wait_for_puppet(currently_running, messages)
  File "/usr/lib/python2.7/site-packages/packstack/plugins/puppet_950.py", line 113, in wait_for_puppet
    validate_logfile(log)
  File "/usr/lib/python2.7/site-packages/packstack/modules/puppet.py", line 95, in validate_logfile
    raise PuppetError(message)
PuppetError: Error appeared during Puppet run: 10.5.0.11_horizon.pp
Error: /Stage[main]/Main/Selboolean[httpd_can_network_connect]: Could not evaluate: Execution of '/usr/sbin/getsebool httpd_can_network_connect' returned 1: /usr/sbin/getsebool:  SELinux is disabled^[[0m

/var/tmp/packstack/20141202-172512-kb6QTF/manifests/10.5.0.11_horizon.pp.log

[1;31mError: /Stage[main]/Main/Selboolean[httpd_can_network_connect]: Could not evaluate: Execution of '/usr/sbin/getsebool httpd_can_network_connect' returned 1: /usr/sbin/getsebool:  SELinux is disabled^[[0m
^[[mNotice: /Stage[main]/Apache::Mod::Wsgi/Apache::Mod[wsgi]/File[wsgi.load]/ensure: defined content as '{md5}e1795e051e7aae1f865fde0d3b86a507'^[[0m
^[[mNotice: /Stage[main]/Apache::Mod::Wsgi/File[wsgi.conf]/ensure: defined content as '{md5}16494ba8ce7c39c430f45071456f018c'^[[0m
^[[mNotice: /Stage[main]/Horizon/File[/etc/openstack-dashboard/local_settings]/content: content changed '{md5}b68095c187be600e44c70f6731d925bf' to '{md5}91618b9779d72efa5c975922d745a4c6'^[[0m
^[[mNotice: /Stage[main]/Horizon::Wsgi::Apache/Apache::Vhost[horizon_vhost]/File[15-horizon_vhost.conf]/ensure: created^[[0m
^[[mNotice: /Stage[main]/Horizon::Wsgi::Apache/File[/etc/httpd/conf.d/openstack-dashboard.conf]/ensure: created^[[0m
^[[mNotice: /Stage[main]/Apache::Service/Service[httpd]: Triggered 'refresh' from 4 events^[[0m
^[[mNotice: Finished catalog run in 2.52 seconds^[[0m

So, I figured I would outsmart. I edited out this section in /usr/share/openstack-puppet/modules/openstack/manifests/horizon.pp

#if str2bool($::selinux) {
  #  selboolean{'httpd_can_network_connect':
  #    value      => on,
  #    persistent => true,
  #  }

But when I look at the generated manifests that run during packstack (/var/tmp/packstack ... (more)

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
3

answered 2014-12-02 11:48:45 -0500

mpetason gravatar image

Set it to permissive, see if it has the same issues. If it is checking for enabled/disabled then at least permissive should return a different error. If the error persists after going permissive try turning it on. See if there is a module for SELinux anywhere as well, it may be trying to install the selinux packages for OpenStack.

https://openstack.redhat.com/SELinux_...

edit flag offensive delete link more

Comments

That worked, but I don't get why. What changed?

patrickt33 gravatar imagepatrickt33 ( 2014-12-02 12:15:29 -0500 )edit

Probably hard coded to check for SELinux and then also install the OpenStack SELinux packages. Look over the RDO docs. You could probably get more feedback on it in RDO on IRC as well.

mpetason gravatar imagempetason ( 2014-12-02 12:36:40 -0500 )edit
0

answered 2014-12-11 01:12:45 -0500

cuggiv gravatar image

Please refer to puppet bug #9054

https://groups.google.com/forum/#!msg/puppet-bugs/pvKZ615lJXI/VERoOAxLqQsJ (https://groups.google.com/forum/#!msg...)

https://github.com/seanmil/puppet/tree/selinux/bug/9054_selboolean_fix (https://github.com/seanmil/puppet/tre...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-12-02 11:40:08 -0500

Seen: 1,281 times

Last updated: Dec 11 '14