On 05/06/2014 09:01 PM, Roman Sokolkov wrote:
Tizy,Selinux is disabled on all nodes under Fuel. https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32 You could check it by "getenforce" command. It should report "Disabled". So you could simply pass all steps related to Selinux. Thank you.
Yeah, you don't need to deal with SELinux if SELinux is disabled.
On Tue, May 6, 2014 at 12:51 AM, Tizy Ninan <[email protected] <mailto:[email protected]>> wrote:Hi We are trying to integrate the openstack setup with the Microsoft Active Directory(LDAP server). As per openstack documentation, http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html in order to integrate with an LDAP server, an SELinux Boolean variable 'authlogin_nsswitch_use_ldap' needs to be set. We tried setting the variable using the following command. $ setsebool --P authlogin_nsswitch_use_ldap 1 It returned a message stating SElinux is disabled. We changed the status of SElinux to permissive mode and tried setting the boolean variable, but it returned a message stating 'record not found in the database'. We also tried retrieving all the boolean variables by using the following command $getsebool --a It listed out all the boolean variables, but there was no variable named 'authlogin_nsswitch_use_ldap' in the list. In order to add the variable we needed semanage. When executing the 'semanage' command it returned 'command not found'. To install semanage we tried installing policycoreutils-python. It showed no package policycoreutils-python available. We are using Mirantis Fuel v4.0. We have an openstack Havana deployment on CentOS 6.4 and nova-network network service. Can you please help us on why the SELinux boolean variable (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS image provided by the Fuel master node does not provide the SELinux settings? Is there any alternative ways to set this boolean variable? Kindly help us to resolve this issue. _______________________________________________ OpenStack-dev mailing list [email protected] <mailto:[email protected]> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Roman Sokolkov, Deployment Engineer, Mirantis, Inc. Skype rsokolkov, [email protected] <mailto:[email protected]> _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
