<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/06/2014 09:01 PM, Roman Sokolkov
wrote:<br>
</div>
<blockquote
cite="mid:CADGJUjyF98=cxUhxR0Nb0NMb9Do=TafqdSWuUyzHmRAWW3CMTA@mail.gmail.com"
type="cite">
<div dir="ltr">Tizy,
<div><br>
</div>
<div>Selinux is disabled on all nodes under Fuel.</div>
<div><br>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><a moz-do-not-send="true"
href="https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32">https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32</a></div>
</blockquote>
<div><br>
</div>
<div>You could check it by "getenforce" command. It should
report "Disabled".</div>
<div><br>
</div>
<div>So you could simply pass all steps related to Selinux.</div>
<div><br>
</div>
<div>Thank you.</div>
</div>
</blockquote>
Yeah, you don't need to deal with SELinux if SELinux is disabled.<br>
<br>
<br>
<blockquote
cite="mid:CADGJUjyF98=cxUhxR0Nb0NMb9Do=TafqdSWuUyzHmRAWW3CMTA@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, May 6, 2014 at 12:51 AM, Tizy
Ninan <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:tizy.elza@gmail.com" target="_blank">tizy.elza@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi
<div><br>
</div>
<div><span
style="font-family:arial,sans-serif;font-size:13px">We
are trying to integrate the openstack setup with the
Microsoft Active Directory(LDAP server).</span><br
style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">As
per openstack documentation, </span><a
moz-do-not-send="true"
href="http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html"
style="font-family:arial,sans-serif;font-size:13px"
target="_blank">http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html</a><span
style="font-family:arial,sans-serif;font-size:13px"> in
order to integrate with an LDAP server, an SELinux
Boolean variable ‘authlogin_nsswitch_use_ldap’ needs
to be set. We tried setting the variable using the
following command.</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">$
setsebool –P authlogin_nsswitch_use_ldap 1</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">It
returned a message stating SElinux is disabled. We
changed the status of SElinux to permissive mode and
tried setting the boolean variable, but it returned a
message stating ‘record not found in the database’.</span><br
style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">We
also tried retrieving all the boolean variables by
using the following command</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">$getsebool
–a</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">It
listed out all the boolean variables, but there was no
variable named ‘authlogin_nsswitch_use_ldap’ in the
list.</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">In
order to add the variable we needed semanage. When
executing the ‘semanage’ command it returned ‘command
not found’. To install semanage we tried installing
policycoreutils-python. It showed no package
policycoreutils-python available.</span><br
style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">We
are using Mirantis Fuel v4.0. We have an openstack
Havana deployment on CentOS 6.4 and nova-network
network service.</span><br
style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">Can
you please help us on why the SELinux boolean variable
(authlogin_nsswitch_use_ldap) is not available. Is it
because the CentOS image provided by the Fuel master
node does not provide the SELinux settings? Is there
any alternative ways to set this boolean variable?</span><br
style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span
style="font-family:arial,sans-serif;font-size:13px">Kindly
help us to resolve this issue.</span><br>
</div>
</div>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Roman Sokolkov,
<div>Deployment Engineer,</div>
<div>Mirantis, Inc.<br>
Skype rsokolkov,<br>
<a moz-do-not-send="true"
href="mailto:rsokolkov@mirantis.com" target="_blank">rsokolkov@mirantis.com</a><br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>