On Fri, May 15, 2015 at 03:03:48PM -0500, Jeremy Utley wrote:
Hello all!
Running ovirt 3.5 on CentOS 7 currently, and running into a little
problem. All my nodes are currently showing the ovirtmgmt network as
unsyncronized. When I try to force them to sync, it fails. Looking at the
/var/log/vdsm/supervdsm.log file on one of the nodes, it looks like it has
to do with SELinux. See:
http://pastebin.com/NX7yetVW
Which contains a dump of the supervdsm.log file when I tried to force
syncronization. Judging from what I'm seeing, after VDSM writes the new
network configuration files to /etc/sysconfig/network-scripts/ifcfg-*, it
attempts to run a selinux.restorecon function against those files. Since
we disable SELinux by default on all our servers, this action is failing
with Errno 61 (see lines 66-71 and 86-91 in the above-mentioned pastebin).
Is this normal? Is ovirt expecting to run with SELinux enabled? Or am I
mis-interpreting this log output?
Thanks for any help or advice you can give me!
The log has
..."ignoring restorecon error in case SElinux is disabled"...
meaning that Vdsm decided to allow working with SElinux disabled, but it
is recommended, full-heartedly, that you enable SElinux on your hosts.
For example, the recent qemu flaw
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/
becomes much limited when SElinux enabled.
http://stopdisablingselinux.com/
And now to your networking question:
Your log excerpt ends with a successful setSafeNetworkConfig, which
means that setupNetwork has succeeded and that Engine knows that. We'd
need to dig deeper to understand why the nets keep being out-of-sync.
Does engine.log has clues?