Apparmor profiles were limiting queens deployments of neutron-gateway
when aa-profile-mode was set to enforce. It led to failed instance
deployments due to neutron agents failing to execute their necessary
functions.
This change updates the profiles to be Queens ready.
Closes-Bug: #1761536
Change-Id: I2e08a2de9e4ae8139ab8e4be131631883652d029

In newton neutron-lbaas-agent has been renamed neutron-lbaasv2-agent.
The apparmor profile and resource map require updates to handle this.
Change-Id: Ia8ac50e5e7fa32139528b90d82dfdd1489a2173a
Depends-On: I69b4e3c38b7b24c4ef93010e5612faf377d7a67a

Add support for application of apparmor profiles to
neutron and nova daemons that run on neutron-gateway
units.
By default this is disabled but may be enabled by setting
the aa-profile-mode option to either 'complain' or 'enforce'.
Note that the apparmor profiles do not try to reproduce the
permissions required for all operations that may be undertaken
using oslo.rootwrap; daemons are granted permission to run
'sudo' without any apparmor based restrictions.
Change-Id: Ibe568a46ee4c1f1148c162f0f0b2907153770efe