openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes
Role lxc_hosts for OpenStack-Ansible
287 Commits 9 Branches 17 Tags 9.7 MiB
Jinja 61.6%
Python 22.9%
Shell 15.3%
Roff 0.2%
d77bbf6d0a
Go to file
Markos Chandras d77bbf6d0a tasks: lxc_install_zypper: Relax apparmor restrictions for dnsmasq 
The default apparmor profile does not allow dnsmasq to read from
/etc/neutron or /var/log/neutron as we see from the following entry
in the audit.log file:

type=AVC msg=audit(1500476274.931:179617): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq"
name="/etc/neutron/dnsmasq-neutron.conf" pid=27503 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

However, having such access is essential for neutron to work otherwise
dnsmasq fails to start and the VMs have all sorts of network problems.
As such, we create a local profile with the neutron allowances.

Change-Id: I11b1c777fc738f319e0d1c875390522468504050
2017-07-20 17:30:34 +01:00
defaults Add s390x as supported architecture 2017-06-26 15:03:44 +02:00
doc Fix openstackdocstheme settings 2017-07-03 16:12:23 +08:00
examples [DOCS] Create separate example playbook file 2016-08-11 20:21:22 -05:00
files tasks: Set systemd installation prefix 2017-04-25 14:56:33 +01:00
handlers systemd: Set a higher DefaultTasksMax value 2017-06-22 08:51:20 +01:00
meta Add SUSE support 2017-04-25 14:56:33 +01:00
releasenotes Fix openstackdocstheme settings 2017-07-03 16:12:23 +08:00
tasks tasks: lxc_install_zypper: Relax apparmor restrictions for dnsmasq 2017-07-20 17:30:34 +01:00
templates Fix container bridge networking on SUSE 2017-05-08 11:24:12 +01:00
tests Work around bad DNS resolution 2017-07-03 22:44:59 +01:00
vars Revert "Use LXC v2.0.6 on CentOS" 2017-06-14 13:26:41 +00:00
.gitignore Updated from OpenStack Ansible Tests 2017-06-22 15:19:02 +00:00
.gitreview New git dotfiles for independant repository 2015-11-25 20:56:11 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2017-07-06 21:07:52 +00:00
CONTRIBUTING.rst [DOCS] - Removing tags: and category: 2016-08-18 15:16:58 -04:00
LICENSE IRR for lxc_host 2015-11-03 04:22:57 -06:00
manual-test.rc Use centralised test scripts 2016-09-27 16:47:07 +01:00
README.rst Update URLs in documents according to document migration 2017-07-14 09:35:14 +08:00
run_tests.sh Updated from OpenStack Ansible Tests 2017-06-22 15:19:02 +00:00
setup.cfg Update URLs in documents according to document migration 2017-07-14 09:35:14 +08:00
setup.py Updated from global requirements 2017-03-02 11:51:17 +00:00
test-requirements.txt Fix openstackdocstheme settings 2017-07-03 16:12:23 +08:00
tox.ini Ensure that role tests pin pip/setuptools/wheel 2017-06-04 11:18:39 +01:00
Vagrantfile Updated from OpenStack Ansible Tests 2017-07-06 13:02:03 +00:00

README.rst

Team and repository tags

image

OpenStack-Ansible LXC hosts

Ansible role that configures a host for running LXC containers.

Documentation for the project can be found at:

https://docs.openstack.org/openstack-ansible-lxc_hosts/latest

The project home is at:

http://launchpad.net/openstack-ansible