0

On the official article for installing openstack on RHEL/CentOS, it has mentioned at the end that one should also install openstack-selinux “to automatically manage security policies for OpenStack services”. Does the same package works for Rocky Linux? The relevant opensource repo of openstack-selinux only updates its policy until RHEL 7, and it was unclear if there’s update to the policy to accommodate RHEL/CentOS 9 (and thus Rocky Linux).

Install guide on the web only set out that SELinux and firewall should be disabled, it is possible to install openstack on Rocky while keeping firewall enabled and enforcing SELinux policy?

jimmymcheung
  • 3
  • 3

2 Answers2

1

It looks like the RDO project, which has OpenStack packaged for CentOS-9-stream, uses the same repository to which you've linked. If you look at the available packages, they're using openstack-selinux version 0.8.35, which was tagged last August.

That suggests you could use the same package for Rocky 9.

Regarding the firewall, you can of course leave your firewall enabled, but you need to be sure that you don't block ports required by OpenStack and that you don't have rules that conflict with those installed by OpenStack. A good approach is first to set things up with your custom firewall rules disabled and verify that things are working, and then re-introduce your firewall rules and see if anything breaks.

larsks
  • 43,623
  • 14
  • 121
  • 180
  • I’m installing on a fresh system, so the firewall is yet to comfigure, but of course the port for OpenStack service should be left open. I get this question because I was reading various tutorials and most mentioned to set `SELinux` to permissive and to disable firewall, the only few that doesn’t mention this are for CentOS 7. – jimmymcheung May 04 '23 at 22:10
  • From the suffix (`el9s`) it seems this is indeed compatible with Rocky Linux 9, I’ll try that out. I was unable to find this package anywhere on the internet. – jimmymcheung May 04 '23 at 22:16
  • I look more into the repo, and found https://mirror.stream.centos.org/SIGs/9-stream/cloud/x86_64/openstack-antelope/Packages/o/openstack-selinux-0.8.36-1.el9s.noarch.rpm is for the openstack’s latest stable release (2023.1-antelope) which is tagged `0.8.36` – jimmymcheung May 04 '23 at 22:29
0

Some people already played with rocky9 and Openstack please check this link https://forums.rockylinux.org/t/openstack-on-rocky/7016.

For rdo packages you can refer https://repos.fedorapeople.org/repos/openstack/, for rocky9 I believe openstack-yoga and openstack-zed only applicable.

asktyagi
  • 2,860
  • 2
  • 8
  • 25
  • Yes, I went through that post before I asked, but it was mainly about rocky8. And just to correct, for el9 (assuming also rocky9) the openstack-antelope (which is released in March this year) is also supported (and I believe antelope can only be installed in el9) – jimmymcheung May 04 '23 at 22:22