Allow containerized undercloud deploy with SELinux

When SELinux is enforcing, use the :Z flag for the heat_all
container's volumes. Note that if a volume is mounted with :Z,
its label is private to that container, and the volume
cannot be shared between containers.

Partial-bug: #1682179
Related-bug: #1723003

Change-Id: Ib4022e022eb2b757591635c362b572ab06f65ed8
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Bogdan Dobrelya 2017-10-19 13:16:23 +02:00
parent d8e2ad2694
commit 47ce82003e
1 changed files with 8 additions and 8 deletions


@ -114,10 +114,10 @@ class HeatDockerLauncher(HeatBaseLauncher):
'--name', 'heat_all',
'--user', self.user,
'--net', 'host',
'--volume', '%(conf)s:/etc/heat/heat.conf' % {'conf':
self.config_file},
'--volume', '%(inst_tmp)s:%(inst_tmp)s:rw' % {'inst_tmp':
self.install_tmp},
'--volume', '%(conf)s:/etc/heat/heat.conf:Z' % {'conf':
self.config_file},
'--volume', '%(inst_tmp)s:%(inst_tmp)s:Z' % {'inst_tmp':
self.install_tmp},
'--volume', '%(pfile)s:%(pfile)s:ro' % {'pfile':
self.policy_file},
self.container_image, 'heat-all'
@ -130,10 +130,10 @@ class HeatDockerLauncher(HeatBaseLauncher):
cmd = [
'docker', 'run', '--rm',
'--user', self.user,
'--volume', '%(conf)s:/etc/heat/heat.conf' % {'conf':
self.config_file},
'--volume', '%(inst_tmp)s:%(inst_tmp)s:rw' % {'inst_tmp':
self.install_tmp},
'--volume', '%(conf)s:/etc/heat/heat.conf:Z' % {'conf':
self.config_file},
'--volume', '%(inst_tmp)s:%(inst_tmp)s:Z' % {'inst_tmp':
self.install_tmp},
self.container_image,
'heat-manage', 'db_sync']
log.debug(' '.join(cmd))
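Review bot: The policy-file mount in the first hunk (`'%(pfile)s:%(pfile)s:ro'`) gets no SELinux label option while the two mounts before it gain `:Z`, so under enforcing mode the heat_all container will probably still be denied reads of that file unless the path already carries a container-readable label; `'%(pfile)s:%(pfile)s:ro,Z'` would keep it read-only and relabel it. Separately, `:Z` rewrites the host-side label of `self.config_file` and `self.install_tmp` to a category private to one container, and both the heat_all run and the db_sync run in the second hunk mount those same two paths. Each start therefore relabels them, which is safe only if the two containers never run concurrently; that cannot be confirmed from these hunks. A short comment above each `cmd` list would help, saying that `:Z` relabels the host path recursively, that the label persists after the container exits, and that `install_tmp` must therefore be a dedicated directory. Both enclosing methods start outside the hunks.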