From 583a60248f47428542a560a869aab04933512d94 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Wed, 22 Mar 2017 17:04:50 -0400 Subject: [PATCH] Install openstack-selinux for deployed-server No other packages actually require openstack-selinux, so it must be explicity installed. Change-Id: Ic7b39ddfc4cfb28b8a08e9b02043211e4ca4a39a Closes-Bug: #1675170 --- deployed-server/deployed-server-bootstrap-centos.sh | 3 ++- deployed-server/deployed-server-bootstrap-rhel.sh | 3 ++- .../notes/install-openstack-selinux-d14b2e26feb6d04e.yaml | 6 ++++++ 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh index 7266ca57e6..c86e771cb2 100644 --- a/deployed-server/deployed-server-bootstrap-centos.sh +++ b/deployed-server/deployed-server-bootstrap-centos.sh @@ -8,7 +8,8 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/deployed-server/deployed-server-bootstrap-rhel.sh b/deployed-server/deployed-server-bootstrap-rhel.sh index 36ff00775e..10b4999b91 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.sh +++ b/deployed-server/deployed-server-bootstrap-rhel.sh @@ -8,6 +8,7 @@ yum install -y \ openstack-puppet-modules \ os-net-config \ openvswitch \ - python-heat-agent* + python-heat-agent* \ + openstack-selinux ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules diff --git a/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml new file mode 100644 index 0000000000..d2b2eb9442 --- /dev/null +++ b/releasenotes/notes/install-openstack-selinux-d14b2e26feb6d04e.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - openstack-selinux is now installed by the deployed-server + bootstrap scripts. Previously, it was not installed, so + if SELinux was set to enforcing, all OpenStack policy + was missing.