Merge "fix apparmor profile for non-standard nova home"

2024-05-02 13:00:24 +00:00 · 2024-05-02 13:00:24 +00:00 · 4943bab3fd
parent 3c62a72725 7bec243c62
commit 4943bab3fd
2 changed files with 22 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -88,3 +88,8 @@
    - "venv changed"
    - "cert installed"
    - "systemd service changed"
+
+- name: Reload apparmor profile
+  ansible.builtin.service:
+    name: apparmor.service
+    state: reloaded
--- a/tasks/drivers/kvm/nova_compute_kvm.yml
+++ b/tasks/drivers/kvm/nova_compute_kvm.yml
@ -135,6 +135,23 @@
    - nova-kvm
    - nova-libvirt

+- name: Set apparmor config (Ubuntu/Debian)
+  lineinfile:
+    dest: "/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper"
+    line: "  {{ nova_system_home_folder }}/instances/_base/* r,"
+    backup: true
+    create: true
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  when:
+    - ansible_facts['distribution'] == 'Ubuntu' or ansible_facts['distribution'] == 'Debian'
+  notify: Reload apparmor profile
+  tags:
+    - nova-config
+    - nova-kvm
+    - nova-libvirt
+
 - name: Including nova_disable_smt tasks
  include_tasks: nova_disable_smt.yml
  when: