fix apparmor profile for non-standard nova home

When a non-standard path to nova instances is configured with the nova_system_home_folder variable, instances may fail to spawn because libvirt's virt-aa-helper is missing a permission in its AppArmor profile. This commit resolves this.

Change-Id: I3d37eb5a9635044570690370dfcbc060ff4d9e49
Aleksandr Chudinov 2024-03-12 15:51:49 +02:00
parent bfa8e12fcc
commit 7bec243c62
2 changed files with 22 additions and 0 deletions


@ -88,3 +88,8 @@
- "venv changed"
- "cert installed"
- "systemd service changed"
- name: Reload apparmor profile
ansible.builtin.service:
name: apparmor.service
state: reloaded


@ -135,6 +135,23 @@
- nova-kvm
- nova-libvirt
- name: Set apparmor config (Ubuntu/Debian)
lineinfile:
dest: "/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper"
line: " {{ nova_system_home_folder }}/instances/_base/* r,"
backup: true
create: true
owner: "root"
group: "root"
mode: "0644"
when:
- ansible_facts['distribution'] == 'Ubuntu' or ansible_facts['distribution'] == 'Debian'
notify: Reload apparmor profile
tags:
- nova-config
- nova-kvm
- nova-libvirt
- name: Including nova_disable_smt tasks
include_tasks: nova_disable_smt.yml
when:
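Review bot: The new `lineinfile` task has no `regexp`, so when `nova_system_home_folder` is later changed, the previously written read rule stays in `/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper` and virt-aa-helper keeps read access to the old `_base` path. Anchoring the line, for example with `regexp: '/instances/_base/\* r,$'`, would replace the old rule instead of accumulating grants; this assumes the role is the only writer of such a line in that local override, which is worth confirming. The task is also gated only on the distribution, so with `create: true` the override file is created and apparmor reloaded on every Ubuntu/Debian host this task file runs on; whether an outer condition restricts it to libvirt compute hosts is not visible, since the task list continues outside the hunk. As a style point, the handler added in this commit uses `ansible.builtin.service` while this task uses the short `lineinfile` name; `ansible.builtin.lineinfile` would be consistent.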