[Users] Help required: Selinux disable for ovirt iso image

David Smith dsmith at mypchelp.com
Wed Feb 19 21:32:03 UTC 2014 

ahh spoke too soon, now after disabling selinux, vdsm isn't loading..
host shows up, but can't assign any VMs..


On Wed, Feb 19, 2014 at 1:16 PM, David Smith <dsmith at mypchelp.com> wrote:

> I managed to dig,dig dig and have finally resolved issue #1 without
> reinstall
>
> steps
> 1.  put host in maintenance mode
> 2, log in to host and:
> 2a. mount -o,rw,remount /run/initramfs/live
>
> 2b. edit /run/initramfs/live/grub2/grub.cfg and add selinux=0 to the end of the kernel line (starts with "linux /vmlinuz0"
>
> 2c. reboot the host
>
> 3. log in and try "getenforce" - selinux says disabled.
>
> 4. I tried to "Activate" the host and the manager returned "non-operational", so I had to remove and re-add the host.
>
>
> Manager version: 3.3.3-2.fc19 and iso ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
>
>
>
> On Wed, Feb 19, 2014 at 12:14 PM, David Smith <dsmith at mypchelp.com> wrote:
>
>> side note ,reinstalling the nodes to resolve the selinux issue really
>> isn't a great proposition, its time consuming, an after-the-fact method of
>> editing the grub line and adding selinux=0 or enforcing=0 whichever it may
>> be would be ideal.
>>
>>
>> On Wed, Feb 19, 2014 at 11:05 AM, David Smith <dsmith at mypchelp.com>wrote:
>>
>>> I apologize if this comes off a little brusque, but there's really a lot
>>> of random information out there right now, to the point where i've seen it
>>> confuse not only myself but other new installers. Based on the problems I
>>> still have, I have a suggestion, and I also need some help.  Again, some of
>>> this may come off as a bit of a TLDR Rant but if ovirt is to become
>>> popular, I believe my experience as a hardware engineer, software/hardware
>>> QA director/manager/engineer, may be valuable to this project.
>>>
>>> Two things keep me from getting this system working for me in a useful
>>> manner:
>>> #1, and the most important blocker: Disabling or fixing selinux, using
>>> ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso.
>>>
>>> #2, getting raritan pdu support
>>>
>>> For issue #1: I've had a lot of people say "disable selinux" or "fix
>>> selinux" all over this user list and in recent replies. This really isn't
>>> fully helpful information. Even stating "edit the /etc/selinux/config" or
>>> use the kernel boot command "selinux=0" or read some other doc on the
>>> internet. These all apply to full fledged releases, not to the ovirt iso
>>> image. The main issue is that SSHD is not being allowed through selinux by
>>> default on this image.  The right thing to do would be to fix the image and
>>> re-release it, and DELETE the broken one that is currently available.
>>> However a simple doc explaining how to persist the selinux disable or
>>> fix the SSHD problem with selinux would be the easiest solution.
>>> Others ran me down the path of "edit the selinux file and persist it"
>>> which didn't work, but gave no productive help on how to make it permanent.
>>> Equally I've been told to edit the grub config and add selinux=0 to the
>>> kernel, however after attempting this, adding it manually at the grub boot
>>> causes the system not to boot, and I haven't found the *right* grub.cfg
>>> file to edit and persist to keep the changes.
>>>
>>> For issue #2: I've hacked up some of the fence-agents scripts and am in
>>> the process of attempting to figure out how to compile/set up my own local
>>> copy to verify the raritan changes. Ideally the fence-agents folks would
>>> add a "generic support" portion, which I may actually do myself as well,
>>> allowing *any* PDU with at least the usual login/password/command/logout
>>> sequence to be used. So you see, I'm not totally useless, I'm helping here.
>>>
>>> Next suggestions:
>>> A) Compatibility list
>>> B) Cleanup of old project crap
>>>
>>> For A)
>>> For each release, I suggest there be a spreadsheet or simple document
>>> that shows which ovirt ISO images are compatible with which manager
>>> versions.
>>> There could be a wiki where people can add references to bug #s that
>>> have been found and links to their solutions. Right now there are ancient
>>> docs all over google searches that send people down paths of days of
>>> turmoil to no avail.
>>>
>>> For B)
>>> When iso images or other releases are superseded because of blocking,
>>> non-operable bugs, they should either be resolved and re-released or a
>>> clear path to making them function be documented.  Once a re-release is
>>> done, the old images should be wiped out or moved to a clearly marked
>>> deprecated folder.
>>>
>>> Thats my 100 cents worth, I really do appreciate the work and effort
>>> that goes into this project, it appears to be a wonderful one, I hope to
>>> make good use of it, but the initial learning curve is a real deal breaker
>>> I'm sure for many others, especially not those willing and able to spend
>>> the time hacking at it like I have for the past week.
>>>
>>> Thanks!
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140219/8fabf860/attachment-0001.html>

More information about the Users mailing list