Merge "Add SELinux contexts for nova log directory"

2018-02-19 22:43:34 +00:00 · 2018-02-19 22:43:34 +00:00 · 7cfe329693
commit 7cfe329693
parent b7964d4b49 10fc6d9035
4 changed files with 23 additions and 5 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -60,6 +60,7 @@ nova_system_shell: /bin/bash
 nova_system_comment: nova system user
 nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
 nova_libvirt_save_path: "{{ nova_system_home_folder }}/save"
+nova_log_dir: "/var/log/nova"

 nova_lock_path: "/var/lock/nova"

--- a/tasks/nova_pre_install.yml
+++ b/tasks/nova_pre_install.yml
@ -77,9 +77,9 @@

 - name: Test for log directory or link
  shell: |
-    if [ -h "/var/log/nova"  ]; then
-      chown -h {{ nova_system_user_name }}:{{ nova_system_group_name }} "/var/log/nova"
-      chown -R {{ nova_system_user_name }}:{{ nova_system_group_name }} "$(readlink /var/log/nova)"
+    if [ -h "{{ nova_log_dir }}"  ]; then
+      chown -h {{ nova_system_user_name }}:{{ nova_system_group_name }} "{{ nova_log_dir }}"
+      chown -R {{ nova_system_user_name }}:{{ nova_system_group_name }} "$(readlink {{ nova_log_dir }})"
    else
      exit 1
    fi
@ -92,7 +92,7 @@

 - name: Create nova log dir
  file:
-    path: "/var/log/nova"
+    path: "{{ nova_log_dir }}"
    state: directory
    owner: "{{ nova_system_user_name }}"
    group: "{{ nova_system_group_name }}"
--- a/tasks/nova_selinux.yml
+++ b/tasks/nova_selinux.yml
@ -43,6 +43,23 @@
  when:
    - selinux_equivalence | changed or selinux_file_context_ssh_keys | changed

+- name: Stat nova's log directory
+  stat:
+    path: "{{ nova_log_dir }}"
+  register: nova_log_dir_check
+
+- name: Set SELinux file contexts for nova's log directory
+  sefcontext:
+    target: "{{ (nova_log_dir_check.stat.islnk) | ternary(nova_log_dir_check.stat.lnk_target, nova_log_dir) }}(/.*)?"
+    setype: nova_log_t
+    state: present
+  register: selinux_file_context_log_files
+
+- name: Apply updated SELinux contexts on nova log directory
+  command: "restorecon -Rv {{ (nova_log_dir_check.stat.islnk) | ternary(nova_log_dir_check.stat.lnk_target, nova_log_dir) }}"
+  when:
+    - selinux_file_context_log_files | changed
+
 - name: Copy OSA SELinux policy
  copy:
    src: osa-nova.te
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@ -6,7 +6,7 @@ use_stderr = False
 # Logs / State
 debug = {{ debug }}
 fatal_deprecations = {{ nova_fatal_deprecations }}
-log_dir = /var/log/nova
+log_dir = {{ nova_log_dir }}
 state_path = {{ nova_system_home_folder }}
 rootwrap_config = /etc/nova/rootwrap.conf
 service_down_time = 120