Closed ryansb closed 11 years ago
allow_ypbind doesn't exist on Fedora 18 according to 'getsebool -a | grep ypbind' ... I'm not sure why you're getting that error, I've not seen that one before.
[root@broker ~]# setsebool -P allow_ypbind=on
[root@broker ~]# echo $?
0
What's odd is that I also get nothing from getsebool -a | grep ypbind
but I get a good exit code when I setsebool.
When a variable doesn't exist, this is what happens.
[root@broker ~]# setsebool -P nopenopenope=on
libsemanage.dbase_llist_set: record not found in the database (No such file or directory).
libsemanage.dbase_llist_set: could not set record value (No such file or directory).
Could not change boolean nopenopenope
Could not change policy booleans
This leads me to believe that the allow_ypbind variable somehow doesn't show up in getsebool, but is still somehow valid.
Ah, it looks like allow_ypbind was either depricated by or replaced by nis_enabled
$ grep ypbind /etc/selinux/targeted/booleans.subs_dist
allow_ypbind nis_enabled
$ getsebool -a | grep nis_enabled
nis_enabled --> off
So if we set nis_enabled on the broker we should be good, but even still I'm curious if that's actually required or if that's just some depricated check in oo-accept-node. I'll look into that and follow up.
Hm, that's interesting. I'm going to go ahead and do a fresh install of F18 and re-test with the different role name.
Do you know where in openshift that check might be getting run so I can track down what's tossing that error?
Sorry for the radio silence, was out of town and then afk due to a family emergency. I'll be afk again for a few days for some training but I wanted to update this to let you know I haven't forgotten and do still plan to look into this.
Actually I just realized this is completed from the perspective of the deployment, the other end needs a fix from the util in origin-server. Closing this but feel free to re-open if you feel there's more work to be done (but also please let me know what that is because I'll have clearly missed something) :)
When using broker.yml, it does not set the SELinux boolean "allow_ypbind".
I tried correcting it by doing this:
But that errors out because (I suspect) at that point in the config yp (NIS) hasn't been installed. It produces this error.