RETIRED, Lightweight composition layer for Puppet TripleO
Cédric Jeanneret 848f2acd5b Add missing "z" flag for specific mounts
Depending on the host history, it may happen that some directory content
doesn't have the correct SELinux type. This has been seen with the OVN
service, during a Queens -> Train FFU:

while the /var/lib/openvswitch/ovn directory had the correct
container_file_t type, some files in this location were typed with
openvswitch_var_lib_t, leading to errors during the deploy part of the
upgrade (after the OS upgrade, when the deploy is running on the cleaned
host).
The specific issue depends on the actual files with the wrong label, but
usually it involves a container crash/error, leading to a deploy error,
and a manual intervention in order to correct the SELinux type in the
location.

This situation may happen when first deployed on Queens, since it was
using Docker. For the record, back then Docker Daemon was configured in
order to disable the SELinux support, so it didn't really care about
labels; but the situation is different with Podman, and we have a full
SELinux support at all levels on the OS, leading to the issue.

For the record, tripleo-heat-templates as well as tripleo-ansible are
setting the "setype: container_file_t" on the directories, but we don't
use the "recurse: true" in order to avoid performance issues - some
locations might be huge, and it would take too much time to relabel
everything via ansible.

This patch aims to converge all the mounts to the same options, and
ensure no SELinux denial can prevent the actual container startup and
function.

Change-Id: Ic3e427156fc82c524c763d1896937fcc3c49fabb
Closes-Bug: #1943459
(cherry picked from commit e8c4e9304f)
2021-09-16 06:44:41 +00:00
doc Switch to newer openstackdocstheme and reno versions 2020-06-03 20:33:05 +02:00
files Remove puppet-certmonger related puppet-files 2021-04-21 09:56:05 +02:00
lib Replace deprecated ip functions 2021-08-16 23:41:24 +00:00
manifests Add missing "z" flag for specific mounts 2021-09-16 06:44:41 +00:00
releasenotes Add missing "z" flag for specific mounts 2021-09-16 06:44:41 +00:00
spec Replace deprecated ip functions 2021-08-16 23:41:24 +00:00
templates [c9] wrappers should start containers with host's cgroupns 2021-09-15 15:18:10 +00:00
zuul.d Wire up the tripleo-upgrades-wallaby-pipeline 2021-07-08 13:42:53 +03:00
.gitignore Dissuade .gitignore references to personal tools 2018-10-08 11:47:08 +08:00
.gitreview Update .gitreview for stable/wallaby 2021-05-05 15:32:10 +00:00
.sync.yml Initial msync run for all Puppet OpenStack modules 2015-08-18 14:30:54 +02:00
Gemfile Use openstack_spec_helper from zuul checkout 2020-08-30 23:06:53 +02:00
LICENSE Add basic structure for a Puppet module 2015-02-02 11:39:21 -05:00
Puppetfile_extras Pin puppet-redis to 8.0.0 2021-08-27 13:12:39 +09:00
README.md Add the missing ':' in README 2018-07-28 07:57:53 +00:00
Rakefile Composable HA 2017-01-25 19:32:31 +00:00
bindep.txt Add Puppet package to bindep, for module build 2017-10-27 13:50:15 -07:00
metadata.json Bump metadata for wallaby tripleo repos release 2021-08-10 18:33:18 +03:00
setup.cfg Force to use markdown to prevent pypi issue 2019-07-01 20:45:00 +02:00
setup.py chmod +x setup.py 2017-10-06 12:28:56 -07:00
tox.ini Update TOX_CONSTRAINTS_FILE for stable/wallaby 2021-05-05 15:32:16 +00:00

README.md

Team and repository tags

puppet-tripleo

Lightweight composition layer for Puppet TripleO.

Contributing