On Fri, May 15, 2015 at 03:03:48PM -0500, Jeremy Utley wrote:

Hello all!

Running ovirt 3.5 on CentOS 7 currently, and running into a little problem. All my nodes are currently showing the ovirtmgmt network as unsyncronized. When I try to force them to sync, it fails. Looking at the /var/log/vdsm/supervdsm.log file on one of the nodes, it looks like it has to do with SELinux. See:

http://pastebin.com/NX7yetVW

Which contains a dump of the supervdsm.log file when I tried to force syncronization. Judging from what I'm seeing, after VDSM writes the new network configuration files to /etc/sysconfig/network-scripts/ifcfg-*, it attempts to run a selinux.restorecon function against those files. Since we disable SELinux by default on all our servers, this action is failing with Errno 61 (see lines 66-71 and 86-91 in the above-mentioned pastebin). Is this normal? Is ovirt expecting to run with SELinux enabled? Or am I mis-interpreting this log output?

Thanks for any help or advice you can give me!

The log has ..."ignoring restorecon error in case SElinux is disabled"... meaning that Vdsm decided to allow working with SElinux disabled, but it is recommended, full-heartedly, that you enable SElinux on your hosts. For example, the recent qemu flaw https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ becomes much limited when SElinux enabled. http://stopdisablingselinux.com/ And now to your networking question: Your log excerpt ends with a successful setSafeNetworkConfig, which means that setupNetwork has succeeded and that Engine knows that. We'd need to dig deeper to understand why the nets keep being out-of-sync. Does engine.log has clues?