[openstack-dev] Fuel

Roman Sokolkov rsokolkov at mirantis.com
Wed May 7 01:01:34 UTC 2014


Tizy,

Selinux is disabled on all nodes under Fuel.

https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32


You could check it by "getenforce" command. It should report "Disabled".

So you could simply pass all steps related to Selinux.

Thank you.


On Tue, May 6, 2014 at 12:51 AM, Tizy Ninan <tizy.elza at gmail.com> wrote:

> Hi
>
> We are trying to integrate the openstack setup with the Microsoft Active
> Directory(LDAP server).
>
> As per openstack documentation,
> http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html  in
> order to integrate with an LDAP server, an SELinux Boolean variable
> ‘authlogin_nsswitch_use_ldap’ needs to be set. We tried setting the
> variable using the following command.
> $ setsebool –P authlogin_nsswitch_use_ldap 1
> It returned a message stating SElinux is disabled. We changed the status
> of SElinux to permissive mode and tried setting the boolean variable, but
> it returned a message stating ‘record not found in the database’.
>
> We also tried retrieving all the boolean variables by using the following
> command
> $getsebool –a
> It listed out all the boolean variables, but there was no variable named
> ‘authlogin_nsswitch_use_ldap’ in the list.
> In order to add the variable we needed semanage. When executing the
> ‘semanage’ command it returned ‘command not found’. To install semanage we
> tried installing policycoreutils-python. It showed no package
> policycoreutils-python available.
>
> We are using Mirantis Fuel v4.0. We have an openstack Havana deployment on
> CentOS 6.4 and nova-network network service.
> Can you please help us on why the SELinux boolean variable
> (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS
> image provided by the Fuel master node  does not provide the SELinux
> settings?  Is there any alternative ways to set this boolean variable?
>
> Kindly help us to resolve this issue.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Roman Sokolkov,
Deployment Engineer,
Mirantis, Inc.
Skype rsokolkov,
rsokolkov at mirantis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140506/0786c574/attachment.html>


More information about the OpenStack-dev mailing list