openstack/octavia
Code Issues Proposed changes

Merge "Fix TCP HMs on UDP pools with SELinux" into stable/yoga

Browse Source
This commit is contained in:
Zuul 2023-07-12 17:17:26 +00:00 committed by Gerrit Code Review
commit 2851ee970e
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
elements/amphora-selinux/post-install.d/50-selinux-policies
View File

@ -17,3 +17,6 @@ enable_selinux_bool () {
enable_selinux_bool os_haproxy_enable_nsfs enable_selinux_bool os_haproxy_enable_nsfs
enable_selinux_bool os_haproxy_ping enable_selinux_bool os_haproxy_ping
enable_selinux_bool cluster_use_execmem enable_selinux_bool cluster_use_execmem
# Allows keepalived to connect to any ports (required by TCP-based HMs on UDP
# pools)
enable_selinux_bool keepalived_connect_any

7
releasenotes/notes/fix-selinux-tcp-hm-on-udp-pools-89c3b8db89e359ba.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fixed an SELinux issues with TCP-based health-monitor on UDP pools, some
specific monitoring ports were denied by SELinux. The Amphora image now
enables the ``keepalived_connect_any`` SELinux boolean that allows
connections to any ports.