fix apparmor profile for non-standard nova home
in cases when non-standard path to nova instances is configured with nova_system_home_folder variable there may be problems with instances spawning due to libvirt virt-aa-helper missing permission in apparmor profile, this commit resolves this Change-Id: I3d37eb5a9635044570690370dfcbc060ff4d9e49
This commit is contained in:
parent
bfa8e12fcc
commit
7bec243c62
@ -88,3 +88,8 @@
|
||||
- "venv changed"
|
||||
- "cert installed"
|
||||
- "systemd service changed"
|
||||
|
||||
- name: Reload apparmor profile
|
||||
ansible.builtin.service:
|
||||
name: apparmor.service
|
||||
state: reloaded
|
||||
|
@ -135,6 +135,23 @@
|
||||
- nova-kvm
|
||||
- nova-libvirt
|
||||
|
||||
- name: Set apparmor config (Ubuntu/Debian)
|
||||
lineinfile:
|
||||
dest: "/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper"
|
||||
line: " {{ nova_system_home_folder }}/instances/_base/* r,"
|
||||
backup: true
|
||||
create: true
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0644"
|
||||
when:
|
||||
- ansible_facts['distribution'] == 'Ubuntu' or ansible_facts['distribution'] == 'Debian'
|
||||
notify: Reload apparmor profile
|
||||
tags:
|
||||
- nova-config
|
||||
- nova-kvm
|
||||
- nova-libvirt
|
||||
|
||||
- name: Including nova_disable_smt tasks
|
||||
include_tasks: nova_disable_smt.yml
|
||||
when:
|
||||
|
Loading…
Reference in New Issue
Block a user