enable selinux enforcing as an option
Bug #1604525 reported by
wes hayutin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tripleo |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
all quickstart builds and deployments are running w/ permissive.
We should at least have the option to turn selinux on.
Revision history for this message
| Lars Kellogg-Stedman (larsks) wrote | #1 |
Revision history for this message
| Gabriele Cerami (gcerami) wrote | #2 |
| Changed in tripleo-quickstart: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| importance: | Low → Wishlist |
Revision history for this message
| John Trowbridge (trown) wrote | #3 |
| Changed in tripleo: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| milestone: | none → pike-2 |
| no longer affects: | tripleo-quickstart |
| tags: | added: quickstart |
Revision history for this message
| Matt Young (halcyondude) wrote | #4 |
| Changed in tripleo: | |
| milestone: | pike-2 → pike-3 |
| Changed in tripleo: | |
| milestone: | pike-3 → pike-rc1 |
| Changed in tripleo: | |
| milestone: | pike-rc1 → queens-1 |
| Changed in tripleo: | |
| milestone: | queens-1 → queens-2 |
| Changed in tripleo: | |
| milestone: | queens-2 → queens-3 |
| Changed in tripleo: | |
| milestone: | queens-3 → queens-rc1 |
| Changed in tripleo: | |
| milestone: | queens-rc1 → rocky-1 |
| Changed in tripleo: | |
| milestone: | rocky-1 → rocky-2 |
| Changed in tripleo: | |
| milestone: | rocky-2 → rocky-3 |
| Changed in tripleo: | |
| milestone: | rocky-3 → rocky-rc1 |
| Changed in tripleo: | |
| milestone: | rocky-rc1 → stein-1 |
| Changed in tripleo: | |
| milestone: | stein-1 → stein-2 |
| Changed in tripleo: | |
| milestone: | stein-2 → stein-3 |
| Changed in tripleo: | |
| milestone: | stein-3 → train-1 |
| Changed in tripleo: | |
| milestone: | train-1 → train-2 |
| Changed in tripleo: | |
| milestone: | train-2 → train-3 |
| Changed in tripleo: | |
| milestone: | train-3 → ussuri-1 |
| Changed in tripleo: | |
| milestone: | ussuri-1 → ussuri-2 |
| Changed in tripleo: | |
| milestone: | ussuri-2 → ussuri-3 |
| Changed in tripleo: | |
| milestone: | ussuri-3 → ussuri-rc3 |
| Changed in tripleo: | |
| milestone: | ussuri-rc3 → victoria-1 |
| Changed in tripleo: | |
| milestone: | victoria-1 → victoria-3 |
To post a comment you must log in.
We're not currently setting the selinux mode explicitly at all during the quickstart run, which means we're consuming whatever the image build process is producing.
While we already have logic in place to modify the undercloud image (making setting the selinux mode on the undercloud relatively easy), we don't (a) run ansible against the overcloud nodes nor (b) perform any customization of the overcloud images.
This means that there will be a fair amount of work involved in setting this one configuration option if we attempt to do this during a quickstart deployment.