openstack
/
octavia
Code Issues Proposed changes
octavia/octavia/tests/unit/amphorae/backends/agent
History
Cédric Jeanneret edcd6931fc Save the HAProxy state outside of its systemd unit 
By default, SELinux prevents HAProxy context (haproxy_t) to execute
shell context (shell_exec_t) for security reasons.

This prevents HAProxy to actually reload properly, since SELinux will
deny its call to a shell to save its state to a file.

In order to avoid opening a potential security hole in the load-balancer
image, the best way is to generate the state file before the actual
reload.

There are more details about the SELinux denials in the associated Red
Hat Bugzilla.

Resolves: rhbz#2073491
Change-Id: I6b9a5e1e3bafe77ad9f9506b8c0995d8c2a00081
(cherry picked from commit 21d74c373b)
(cherry picked from commit 0a062cd664)
 		2022-04-20 16:35:01 +02:00
..
api_server Save the HAProxy state outside of its systemd unit 2022-04-20 16:35:01 +02:00
__init__.py Add license for empty __init__.py 2018-03-14 07:02:56 +09:00
test_agent_jinja_cfg.py Add generic network interface management in the amphora 2021-08-31 17:21:37 +02:00