I managed to dig,dig dig and have finally resolved issue #1 without
reinstall
steps
1. put host in maintenance mode
2, log in to host and:
2a. mount -o,rw,remount /run/initramfs/live
2b. edit /run/initramfs/live/grub2/grub.cfg and add selinux=0 to the
end of the kernel line (starts with "linux /vmlinuz0"
2c. reboot the host
3. log in and try "getenforce" - selinux says disabled.
4. I tried to "Activate" the host and the manager returned
"non-operational", so I had to remove and re-add the host.
Manager version: 3.3.3-2.fc19 and iso ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
On Wed, Feb 19, 2014 at 12:14 PM, David Smith <dsmith(a)mypchelp.com> wrote:
side note ,reinstalling the nodes to resolve the selinux issue
really
isn't a great proposition, its time consuming, an after-the-fact method of
editing the grub line and adding selinux=0 or enforcing=0 whichever it may
be would be ideal.
On Wed, Feb 19, 2014 at 11:05 AM, David Smith <dsmith(a)mypchelp.com> wrote:
> I apologize if this comes off a little brusque, but there's really a lot
> of random information out there right now, to the point where i've seen it
> confuse not only myself but other new installers. Based on the problems I
> still have, I have a suggestion, and I also need some help. Again, some of
> this may come off as a bit of a TLDR Rant but if ovirt is to become
> popular, I believe my experience as a hardware engineer, software/hardware
> QA director/manager/engineer, may be valuable to this project.
>
> Two things keep me from getting this system working for me in a useful
> manner:
> #1, and the most important blocker: Disabling or fixing selinux, using
> ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso.
>
> #2, getting raritan pdu support
>
> For issue #1: I've had a lot of people say "disable selinux" or
"fix
> selinux" all over this user list and in recent replies. This really isn't
> fully helpful information. Even stating "edit the /etc/selinux/config" or
> use the kernel boot command "selinux=0" or read some other doc on the
> internet. These all apply to full fledged releases, not to the ovirt iso
> image. The main issue is that SSHD is not being allowed through selinux by
> default on this image. The right thing to do would be to fix the image and
> re-release it, and DELETE the broken one that is currently available.
> However a simple doc explaining how to persist the selinux disable or fix
> the SSHD problem with selinux would be the easiest solution.
> Others ran me down the path of "edit the selinux file and persist it"
> which didn't work, but gave no productive help on how to make it permanent.
> Equally I've been told to edit the grub config and add selinux=0 to the
> kernel, however after attempting this, adding it manually at the grub boot
> causes the system not to boot, and I haven't found the *right* grub.cfg
> file to edit and persist to keep the changes.
>
> For issue #2: I've hacked up some of the fence-agents scripts and am in
> the process of attempting to figure out how to compile/set up my own local
> copy to verify the raritan changes. Ideally the fence-agents folks would
> add a "generic support" portion, which I may actually do myself as well,
> allowing *any* PDU with at least the usual login/password/command/logout
> sequence to be used. So you see, I'm not totally useless, I'm helping here.
>
> Next suggestions:
> A) Compatibility list
> B) Cleanup of old project crap
>
> For A)
> For each release, I suggest there be a spreadsheet or simple document
> that shows which ovirt ISO images are compatible with which manager
> versions.
> There could be a wiki where people can add references to bug #s that have
> been found and links to their solutions. Right now there are ancient docs
> all over google searches that send people down paths of days of turmoil to
> no avail.
>
> For B)
> When iso images or other releases are superseded because of blocking,
> non-operable bugs, they should either be resolved and re-released or a
> clear path to making them function be documented. Once a re-release is
> done, the old images should be wiped out or moved to a clearly marked
> deprecated folder.
>
> Thats my 100 cents worth, I really do appreciate the work and effort that
> goes into this project, it appears to be a wonderful one, I hope to make
> good use of it, but the initial learning curve is a real deal breaker I'm
> sure for many others, especially not those willing and able to spend the
> time hacking at it like I have for the past week.
>
> Thanks!
>