Octavia: set selinux contexts on ansible generated configuration
The octavia external deploy tasks create several files and directories, and care must be taken to ensure they have the proper selinux context. Change-Id: I08be6722a68ce17b7fefc0f9ca3eb8bf9c585418 Closes-Bug: #1812274 (cherry picked from commit 67a55866b2) (cherry picked from commit b743cfaa25)
parent
34d989f14b
commit
35feb1d6ab
@ -1,15 +1,22 @@
|
||||
---
|
||||
- name: making sure octavia worker configuration directory exists
|
||||
file: path="{{ octavia_confd_prefix }}{{ ca_private_key_path | dirname }}" state=directory
|
||||
file:
|
||||
path: "{{ octavia_confd_prefix }}{{ ca_private_key_path | dirname }}"
|
||||
state: directory
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
become: true
|
||||
- name: Copying key info to octavia if not already there
|
||||
become: true
|
||||
copy: content="{{ private_key_content }}" dest="{{ octavia_confd_prefix }}{{ ca_private_key_path }}"
|
||||
- name: copying ca certificate to octavia
|
||||
become: true
|
||||
copy: content="{{ ca_cert_content }}" dest="{{ octavia_confd_prefix }}{{ ca_cert_path }}"
|
||||
- name: Create pem file with service private key & public certificate
|
||||
become: true
|
||||
copy: content="{{ service_pem_content }}" dest="{{ octavia_confd_prefix }}{{ client_cert_path }}"
|
||||
copy:
|
||||
content: "{{ item.content }}"
|
||||
dest: "{{ octavia_confd_prefix }}{{ item.path }}"
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
no_log: true
|
||||
loop:
|
||||
- { content: private_key_content, path: ca_private_key_path }
|
||||
- { content: ca_cert_content, path: ca_cert_path }
|
||||
- { content: service_pem_content, path: client_cert_path }
|
||||
notify:
|
||||
- octavia config updated
|
||||
|
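Review bot: As rendered here, the loop items of the new `copy` task pass bare words, `{ content: private_key_content, path: ca_private_key_path }`, which YAML reads as literal strings. `{{ item.content }}` would then write the text `private_key_content` into the file, and `dest` would end in the literal `ca_private_key_path`, rather than the key material and its path. Each value should be templated, e.g. `- { content: "{{ private_key_content }}", path: "{{ ca_private_key_path }}" }`, and likewise for the CA certificate and service pem entries. The task also sets no `mode`, so the private key and pem files get whatever the umask gives. An explicit restrictive mode would be worth adding, with an owner if the consuming container needs read access, which is not visible from this page.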
@ -13,6 +13,10 @@
|
||||
- include_tasks: netport.yml
|
||||
- include_tasks: netinterface.yml
|
||||
- name: making sure octavia common configuration directory exists
|
||||
file: path="{{ octavia_confd_prefix }}/etc/octavia/conf.d/common" state=directory
|
||||
file:
|
||||
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/common"
|
||||
state: directory
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
become: true
|
||||
- include_tasks: octavia.yml
|
||||
|
@ -1,6 +1,10 @@
|
||||
---
|
||||
- name: making sure octavia worker configuration directory exists
|
||||
file: path="{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker" state=directory
|
||||
file:
|
||||
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker"
|
||||
state: directory
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
become: true
|
||||
- name: setting [controller_worker]/amp_boot_network_list
|
||||
become: true
|
||||
@ -10,6 +14,8 @@
|
||||
section: controller_worker
|
||||
option: amp_boot_network_list
|
||||
value: "{{ lb_mgmt_net_id }}"
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
- name: setting [controller_worker]/amp_secgroup_list
|
||||
become: true
|
||||
become_user: root
|
||||
@ -18,8 +24,14 @@
|
||||
section: controller_worker
|
||||
option: amp_secgroup_list
|
||||
value: "{{ lb_mgmt_secgroup_id }}"
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
- name: making sure octavia health manager configuration directory exists
|
||||
file: path="{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager" state=directory
|
||||
file:
|
||||
path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager"
|
||||
state: directory
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
become: true
|
||||
- name: create octavia health manager configuration file
|
||||
become: true
|
||||
@ -27,6 +39,8 @@
|
||||
template:
|
||||
dest: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager/manager-post-deploy.conf"
|
||||
src: "manager-post-deploy.conf.j2"
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
- name: gather facts about the service project
|
||||
shell: |
|
||||
openstack project show "{{ auth_project_name }}" -c id -f value
|
||||
|
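Review bot: `selevel: s0` and `setype: svirt_sandbox_file_t` are repeated literally on five tasks in this file and again in the other files of this commit. A task added later can silently miss the label, and changing the type means editing every site. Consider holding the type in one role variable and referencing it, e.g. `setype: "{{ octavia_confd_setype }}"` (the variable name is only a suggestion), with a comment at its definition such as `# SELinux type the octavia containers need on generated config`. In current container-selinux policy `svirt_sandbox_file_t` is an alias of `container_file_t`, which is another reason to keep the name in a single place.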
@ -35,6 +35,8 @@
|
||||
option: "controller_ip_port_list"
|
||||
value: "{{ o_hm_ip_list }}"
|
||||
path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf"
|
||||
selevel: s0
|
||||
setype: svirt_sandbox_file_t
|
||||
when: octavia_config_updated
|
||||
|
||||
- name: restart octavia containers
|
||||
|