fuel-dev team mailing list archive

Thread
Date

Re: [openstack-dev] Fuel

To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev@xxxxxxxxxxxxxxxxxxx>, "fuel-dev@xxxxxxxxxxxxxxxxxxx" <fuel-dev@xxxxxxxxxxxxxxxxxxx>
From: Roman Sokolkov <rsokolkov@xxxxxxxxxxxx>
Date: Tue, 6 May 2014 20:01:34 -0500
In-reply-to: <CAF_eEGR=T1+Z9YrqRRBn22sSCF2LFc3cW_VoB=EVGQTyVtreXA@mail.gmail.com>

Tizy,

Selinux is disabled on all nodes under Fuel.

https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32


You could check it by "getenforce" command. It should report "Disabled".

So you could simply pass all steps related to Selinux.

Thank you.


On Tue, May 6, 2014 at 12:51 AM, Tizy Ninan <tizy.elza@xxxxxxxxx> wrote:

> Hi
>
> We are trying to integrate the openstack setup with the Microsoft Active
> Directory(LDAP server).
>
> As per openstack documentation,
> http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html  in
> order to integrate with an LDAP server, an SELinux Boolean variable
> ‘authlogin_nsswitch_use_ldap’ needs to be set. We tried setting the
> variable using the following command.
> $ setsebool –P authlogin_nsswitch_use_ldap 1
> It returned a message stating SElinux is disabled. We changed the status
> of SElinux to permissive mode and tried setting the boolean variable, but
> it returned a message stating ‘record not found in the database’.
>
> We also tried retrieving all the boolean variables by using the following
> command
> $getsebool –a
> It listed out all the boolean variables, but there was no variable named
> ‘authlogin_nsswitch_use_ldap’ in the list.
> In order to add the variable we needed semanage. When executing the
> ‘semanage’ command it returned ‘command not found’. To install semanage we
> tried installing policycoreutils-python. It showed no package
> policycoreutils-python available.
>
> We are using Mirantis Fuel v4.0. We have an openstack Havana deployment on
> CentOS 6.4 and nova-network network service.
> Can you please help us on why the SELinux boolean variable
> (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS
> image provided by the Fuel master node  does not provide the SELinux
> settings?  Is there any alternative ways to set this boolean variable?
>
> Kindly help us to resolve this issue.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@xxxxxxxxxxxxxxxxxxx
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Roman Sokolkov,
Deployment Engineer,
Mirantis, Inc.
Skype rsokolkov,
rsokolkov@xxxxxxxxxxxx