Replace svirt_sandbox_file_t by container_file_t
While they are, at SELinux level, exactly the same (one is an alias to the other), the "container_file_t" name is easier to understand (and shorter to write). A second pass in a couple of days or weeks will be needed in order to change files that were merged after this first pass. Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
This commit is contained in:
Cédric Jeanneret
parent
0ccca0e362
commit
0875895553
common
deployment
aodh
aodh-api-container-puppet.yamlaodh-evaluator-container-puppet.yamlaodh-listener-container-puppet.yamlaodh-notifier-container-puppet.yaml
ceilometer
ceilometer-agent-central-container-puppet.yamlceilometer-agent-compute-container-puppet.yamlceilometer-agent-ipmi-container-puppet.yamlceilometer-agent-notification-container-puppet.yaml
cinder
cinder-api-container-puppet.yamlcinder-common-container-puppet.yamlcinder-scheduler-container-puppet.yaml
database
mysql-container-puppet.yamlmysql-pacemaker-puppet.yamlredis-container-puppet.yamlredis-pacemaker-puppet.yaml
etcd
experimental/designate
designate-api-container-puppet.yamldesignate-central-container-puppet.yamldesignate-mdns-container-puppet.yamldesignate-producer-container-puppet.yamldesignate-sink-container-puppet.yamldesignate-worker-container-puppet.yaml
glance
gnocchi
gnocchi-api-container-puppet.yamlgnocchi-metricd-container-puppet.yamlgnocchi-statsd-container-puppet.yaml
haproxy
horizon
ironic
ironic-api-container-puppet.yamlironic-conductor-container-puppet.yamlironic-inspector-container-puppet.yamlironic-pxe-container-puppet.yaml
iscsid
keepalived
logging
files
barbican-api.yamlheat-api-cfn.yamlheat-api.yamlheat-engine.yamlkeystone.yamlneutron-api.yamlneutron-common.yamlnova-api.yamlnova-common.yamlnova-libvirt.yamlnova-metadata.yamlplacement-api.yaml
rsyslog-container-puppet.yamlmanila
manila-api-container-puppet.yamlmanila-scheduler-container-puppet.yamlmanila-share-container-puppet.yamlmanila-share-pacemaker-puppet.yaml
messaging
metrics
mistral
mistral-api-container-puppet.yamlmistral-engine-container-puppet.yamlmistral-event-engine-container-puppet.yamlmistral-executor-container-puppet.yaml
multipathd
neutron
neutron-dhcp-container-puppet.yamlneutron-l3-container-puppet.yamlneutron-metadata-container-puppet.yaml
nova
nova-compute-container-puppet.yamlnova-ironic-container-puppet.yamlnova-libvirt-container-puppet.yamlnovajoin-container-puppet.yaml
octavia
octavia-api-container-puppet.yamloctavia-health-manager-container-puppet.yamloctavia-housekeeping-container-puppet.yamloctavia-worker-container-puppet.yaml
openvswitch
ovn
ovn-controller-container-puppet.yamlovn-dbs-container-puppet.yamlovn-dbs-pacemaker-puppet.yamlovn-metadata-container-puppet.yaml
qdr
rabbitmq
rabbitmq-container-puppet.yamlrabbitmq-messaging-notify-container-puppet.yamlrabbitmq-messaging-notify-pacemaker-puppet.yamlrabbitmq-messaging-pacemaker-puppet.yamlrabbitmq-messaging-rpc-container-puppet.yamlrabbitmq-messaging-rpc-pacemaker-puppet.yaml
sahara
swift
undercloud
zaqar
environments
releasenotes/notes
@ -7,13 +7,13 @@
|
||||
path: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/"
|
||||
mode: 0600
|
||||
recurse: yes
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
|
||||
- name: "Creating container startup configs for {{ step_path }}"
|
||||
copy:
|
||||
content: "{{ item.value | to_nice_json }}"
|
||||
dest: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/{{ item.key }}.json"
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
mode: 0600
|
||||
no_log: true
|
||||
loop: "{{ item.1 | dict2items }}"
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
file:
|
||||
path: /var/lib/tripleo-config
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
recurse: true
|
||||
tags:
|
||||
@ -49,7 +49,7 @@
|
||||
file:
|
||||
path: /var/lib/tripleo-config/check-mode
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
recurse: true
|
||||
tags:
|
||||
@ -103,7 +103,7 @@
|
||||
file:
|
||||
path: /var/lib/container-puppet
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
tags:
|
||||
- container_config
|
||||
@ -124,7 +124,7 @@
|
||||
file:
|
||||
path: /var/lib/container-puppet/check-mode
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
tags:
|
||||
- container_config
|
||||
@ -171,7 +171,7 @@
|
||||
file:
|
||||
path: /var/lib/container-config-scripts
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
tags:
|
||||
- container_config_scripts
|
||||
|
||||
@ -201,7 +201,7 @@
|
||||
dest: "/var/lib/container-config-scripts/{{ item[0] }}"
|
||||
force: yes
|
||||
mode: "{{ item[1].mode | default('0600', true) }}"
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
loop: "{{ role_data_container_config_scripts | dictsort }}"
|
||||
loop_control:
|
||||
label: "{{ item[0] }}"
|
||||
@ -254,7 +254,7 @@
|
||||
file:
|
||||
path: /var/lib/kolla/config_files
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
recurse: true
|
||||
tags:
|
||||
@ -264,7 +264,7 @@
|
||||
file:
|
||||
path: /var/lib/config-data
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
|
||||
- name: Write kolla config json files
|
||||
@ -274,7 +274,7 @@
|
||||
dest: "{{ item[0] }}"
|
||||
force: yes
|
||||
mode: '0600'
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}"
|
||||
loop_control:
|
||||
label: "{{ item[0] }}"
|
||||
@ -318,7 +318,7 @@
|
||||
file:
|
||||
path: /etc/puppet/check-mode/hieradata
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
recurse: true
|
||||
check_mode: no
|
||||
|
||||
@ -615,7 +615,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/tripleo-config/scripts
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
selevel: s0
|
||||
recurse: true
|
||||
|
||||
@ -1235,7 +1235,7 @@ outputs:
|
||||
- include_vars: global_vars.yaml
|
||||
no_log: true
|
||||
- name: ensure we get the right selinux context
|
||||
command: chcon -R -t svirt_sandbox_file_t /var/lib/config-data
|
||||
command: chcon -R -t container_file_t /var/lib/config-data
|
||||
args:
|
||||
warn: no
|
||||
tags:
|
||||
@ -1623,7 +1623,7 @@ outputs:
|
||||
name: Run Fast Forward Upgrade Prep Workarounds for {{role.name}}
|
||||
{%- endfor %}
|
||||
- name: Create /var/lib/container-puppet
|
||||
file: path=/var/lib/container-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
|
||||
file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
|
||||
- name: Write container-puppet.py
|
||||
no_log: True
|
||||
copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
|
||||
|
||||
@ -248,8 +248,8 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/aodh-api, setype: container_file_t, 'mode': '0750' }
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
external_upgrade_tasks:
|
||||
|
||||
@ -114,7 +114,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
||||
@ -114,7 +114,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
||||
@ -114,8 +114,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/aodh, 'setype': container_file_t }
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
||||
@ -172,7 +172,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 1
|
||||
|
||||
@ -119,7 +119,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -137,7 +137,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
|
||||
@ -124,7 +124,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -376,8 +376,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
block:
|
||||
|
||||
@ -72,8 +72,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/cinder, 'setype': container_file_t }
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -135,7 +135,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -250,8 +250,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
||||
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
|
||||
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
|
||||
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
|
||||
upgrade_tasks:
|
||||
# LP 1810136
|
||||
# After upgrade, the new mariadb (e.g. 10.3) might not be able
|
||||
|
||||
@ -313,9 +313,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
||||
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
|
||||
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
||||
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
|
||||
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
|
||||
- {'path': /var/log/mariadb, 'setype': 'container_file_t', 'mode': '0750'}
|
||||
metadata_settings:
|
||||
get_attr: [MysqlBase, role_data, metadata_settings]
|
||||
deploy_steps_tasks:
|
||||
|
||||
@ -169,7 +169,7 @@ outputs:
|
||||
restart: always
|
||||
systemd_exec_flags:
|
||||
RuntimeDirectory: redis
|
||||
ExecStartPre: /bin/chcon -t svirt_sandbox_file_t /var/run/redis
|
||||
ExecStartPre: /bin/chcon -t container_file_t /var/run/redis
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
@ -219,8 +219,8 @@ outputs:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/redis, 'setype': container_file_t }
|
||||
- name: ensure /var/run/redis is present upon reboot
|
||||
copy:
|
||||
dest: /etc/tmpfiles.d/var-run-redis.conf
|
||||
|
||||
@ -289,9 +289,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/redis, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/redis, 'setype': container_file_t }
|
||||
- name: ensure /var/run/redis is present upon reboot
|
||||
copy:
|
||||
dest: /etc/tmpfiles.d/var-run-redis.conf
|
||||
|
||||
@ -157,7 +157,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/etcd
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
if:
|
||||
|
||||
@ -165,4 +165,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -218,4 +218,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -175,5 +175,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/designate, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -133,4 +133,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -125,4 +125,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -226,9 +226,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: create persistent named directory
|
||||
file:
|
||||
path: /var/named-persistent
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
|
||||
@ -121,7 +121,7 @@ parameters:
|
||||
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
||||
type: string
|
||||
GlanceNfsOptions:
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
||||
description: >
|
||||
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||
type: string
|
||||
@ -175,7 +175,7 @@ parameters:
|
||||
URI that specifies the staging location to use when importing images
|
||||
type: string
|
||||
GlanceStagingNfsOptions:
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
||||
description: >
|
||||
NFS mount options for NFS image import staging
|
||||
type: string
|
||||
@ -621,7 +621,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/glance
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
metadata_settings:
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
||||
external_upgrade_tasks:
|
||||
|
||||
@ -38,5 +38,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/glance, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/glance, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -361,9 +361,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': container_file_t }
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -159,12 +159,12 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: create persistent data directory
|
||||
file:
|
||||
path: {get_param: GnocchiFileBasePath}
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -151,12 +151,12 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: create persistent data directory
|
||||
file:
|
||||
path: {get_param: GnocchiFileBasePath}
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -365,7 +365,7 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
|
||||
metadata_settings:
|
||||
list_concat:
|
||||
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
||||
|
||||
@ -306,8 +306,8 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
|
||||
- { 'path': /var/log/haproxy, 'setype': container_file_t }
|
||||
metadata_settings:
|
||||
{get_attr: [HAProxyBase, role_data, metadata_settings]}
|
||||
deploy_steps_tasks:
|
||||
|
||||
@ -320,9 +320,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/www, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/horizon, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/horizon, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/www, 'setype': container_file_t }
|
||||
upgrade_tasks: []
|
||||
external_upgrade_tasks:
|
||||
- when:
|
||||
|
||||
@ -281,8 +281,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
external_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
block:
|
||||
|
||||
@ -554,8 +554,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/ironic, 'setype': container_file_t }
|
||||
- name: stat /httpboot
|
||||
stat: path=/httpboot
|
||||
register: stat_httpboot
|
||||
|
||||
@ -491,9 +491,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/ironic-inspector, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
|
||||
file:
|
||||
path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
|
||||
@ -166,6 +166,6 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/ironic, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -99,12 +99,12 @@ outputs:
|
||||
file:
|
||||
path: /etc/iscsi
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: ensure /var/lib/iscsi exists
|
||||
file:
|
||||
path: /var/lib/iscsi
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: stat /lib/systemd/system/iscsid.socket
|
||||
stat: path=/lib/systemd/system/iscsid.socket
|
||||
register: stat_iscsid_socket
|
||||
|
||||
@ -149,4 +149,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/keepalived, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -39,5 +39,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/barbican, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -25,5 +25,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -25,5 +25,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/heat-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -40,4 +40,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -40,5 +40,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/keystone, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/keystone, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -48,5 +48,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -36,4 +36,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -48,5 +48,5 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/nova-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -68,4 +68,4 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -38,4 +38,4 @@ outputs:
|
||||
setype: "{{ item.setype }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/libvirt, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -37,5 +37,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -37,5 +37,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/placement, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/placement, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -221,10 +221,10 @@ outputs:
|
||||
file:
|
||||
path: /var/log/containers/rsyslog
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
mode: '0750'
|
||||
- name: create persistent state directory for rsyslog
|
||||
file:
|
||||
path: /var/lib/rsyslog.container
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
|
||||
@ -251,8 +251,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/manila-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
upgrade_tasks: []
|
||||
fast_forward_upgrade_tasks:
|
||||
- name: Check if manila_api is deployed
|
||||
|
||||
@ -109,7 +109,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -164,8 +164,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/manila, 'setype': container_file_t }
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -201,8 +201,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/manila, 'setype': container_file_t }
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -149,6 +149,6 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
|
||||
metadata_settings: {}
|
||||
|
||||
@ -681,7 +681,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/collectd, 'setype': container_file_t, 'mode': '0750' }
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
|
||||
@ -315,5 +315,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/metrics-qdr, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/metrics-qdr, 'setype': container_file_t }
|
||||
|
||||
@ -249,7 +249,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||
deploy_steps_tasks:
|
||||
- name: Copy in action mapping file
|
||||
when: step|int == 3
|
||||
|
||||
@ -137,7 +137,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -112,7 +112,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -218,8 +218,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/mistral, 'setype': container_file_t }
|
||||
- name: create mistral/.ssh directory
|
||||
file:
|
||||
path: /var/lib/mistral/.ssh
|
||||
@ -237,18 +237,18 @@ outputs:
|
||||
src: "{{ undercloud_cfg_file }}"
|
||||
dest: /var/lib/mistral/undercloud.conf
|
||||
mode: 0444
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
local_follow: true
|
||||
- name: create ceph-ansible source directory
|
||||
file:
|
||||
path: /usr/share/ceph-ansible
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: create octavia-amphora-images directory
|
||||
file:
|
||||
path: /usr/share/openstack-octavia-amphora-images
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -154,10 +154,10 @@ outputs:
|
||||
file:
|
||||
path: /etc/multipath
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- name: ensure /etc/multipath.conf exists
|
||||
file:
|
||||
path: /etc/multipath.conf
|
||||
state: touch
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
upgrade_tasks: []
|
||||
|
||||
@ -414,7 +414,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/neutron
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -370,7 +370,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/neutron
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -203,7 +203,7 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/neutron
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -953,9 +953,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/nova/instances, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
|
||||
- name: ensure ceph configurations exist
|
||||
file:
|
||||
path: /etc/ceph
|
||||
|
||||
@ -221,8 +221,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -827,14 +827,14 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /etc/libvirt, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /etc/libvirt/secrets, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /etc/libvirt/qemu, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /etc/libvirt, 'setype': container_file_t }
|
||||
- { 'path': /etc/libvirt/secrets, 'setype': container_file_t }
|
||||
- { 'path': /etc/libvirt/qemu, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||
- { 'path': /var/run/libvirt, 'setype': virt_var_run_t }
|
||||
- { 'path': /var/log/libvirt, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/libvirt/qemu, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/libvirt, 'setype': container_file_t }
|
||||
- { 'path': /var/log/libvirt/qemu, 'setype': container_file_t }
|
||||
# qemu user on host will be cretaed by libvirt package install, ensure
|
||||
# the qemu user created with same uid/gid as like libvirt package.
|
||||
# These specific values are required since ovs is running on host.
|
||||
|
||||
@ -246,7 +246,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/novajoin, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: Enroll to FreeIPA
|
||||
command: ipa-client-install -U --password={{ ipa_otp }}
|
||||
args:
|
||||
|
||||
@ -353,9 +353,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/run/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||
update_tasks:
|
||||
- name: Set internal tls variable
|
||||
set_fact:
|
||||
|
||||
@ -155,4 +155,4 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||
|
||||
@ -154,5 +154,5 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||
upgrade_tasks: []
|
||||
|
||||
@ -141,7 +141,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: Ensure packages required for configuring octavia are present
|
||||
package:
|
||||
name:
|
||||
|
||||
@ -78,4 +78,4 @@ outputs:
|
||||
file:
|
||||
path: "/var/log/containers/netcontrold"
|
||||
state: directory
|
||||
setype: "svirt_sandbox_file_t"
|
||||
setype: "container_file_t"
|
||||
|
||||
@ -286,8 +286,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -202,6 +202,6 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||
upgrade_tasks: []
|
||||
|
||||
@ -252,8 +252,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||
deploy_steps_tasks:
|
||||
- name: OVN DBS tag container image for pacemaker
|
||||
when: step|int == 1
|
||||
|
||||
@ -370,5 +370,5 @@ outputs:
|
||||
file:
|
||||
path: /var/lib/neutron
|
||||
state: directory
|
||||
setype: svirt_sandbox_file_t
|
||||
setype: container_file_t
|
||||
upgrade_tasks: []
|
||||
|
||||
@ -139,6 +139,6 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
|
||||
metadata_settings: {}
|
||||
|
||||
@ -346,8 +346,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
# TODO: Removal of package
|
||||
upgrade_tasks: []
|
||||
update_tasks:
|
||||
|
||||
@ -295,8 +295,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
upgrade_tasks: []
|
||||
update_tasks:
|
||||
# TODO: Are we sure we want to support this. Rolling update
|
||||
|
||||
@ -245,8 +245,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||
shell: |
|
||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||
|
||||
@ -245,8 +245,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||
shell: |
|
||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||
|
||||
@ -290,8 +290,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
upgrade_tasks: []
|
||||
update_tasks:
|
||||
# TODO: Are we sure we want to support this. Rolling update
|
||||
|
||||
@ -253,8 +253,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||
shell: |
|
||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||
|
||||
@ -210,8 +210,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/sahara, 'setype': container_file_t }
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
|
||||
@ -127,8 +127,8 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/sahara, 'setype': container_file_t }
|
||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||
seboolean:
|
||||
name: virt_sandbox_use_netlink
|
||||
|
||||
@ -433,9 +433,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /srv/node, 'setype': container_file_t }
|
||||
- { 'path': /var/log/swift, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
|
||||
deploy_steps_tasks:
|
||||
- name: Configure rsyslog for swift-proxy
|
||||
when: step|int == 1
|
||||
|
||||
@ -596,9 +596,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /srv/node, 'setype': container_file_t }
|
||||
- { 'path': /var/cache/swift, 'setype': container_file_t }
|
||||
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
|
||||
- name: Set swift_use_local_disks fact
|
||||
set_fact:
|
||||
swift_use_local_disks: {get_param: SwiftUseLocalDir}
|
||||
|
||||
@ -59,9 +59,9 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t }
|
||||
- { 'path': /var/log/containers/tempest, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/lib/tempestdata, 'setype': container_file_t }
|
||||
- { 'path': /var/lib/tempest, 'setype': container_file_t }
|
||||
puppet_config:
|
||||
config_volume: ''
|
||||
step_config: ''
|
||||
|
||||
@ -388,7 +388,7 @@ outputs:
|
||||
state: directory
|
||||
setype: "{{ item.setype }}"
|
||||
with_items:
|
||||
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/zaqar, 'setype': container_file_t, 'mode': '0750' }
|
||||
- { 'path': /var/log/containers/httpd/zaqar, 'setype': container_file_t, 'mode': '0750' }
|
||||
metadata_settings:
|
||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||
|
||||
@ -50,7 +50,7 @@ parameter_defaults:
|
||||
## e.g. "'[fdd0::1]:/export/glance'")
|
||||
# GlanceNfsShare: ''
|
||||
## Mount options for the NFS image storage mount point
|
||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:container_file_t:s0'
|
||||
|
||||
|
||||
#### NOVA NFS SETTINGS ####
|
||||
|
||||
@ -19,7 +19,7 @@ parameter_defaults:
|
||||
|
||||
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||
# Type: string
|
||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0
|
||||
|
||||
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
||||
# Type: string
|
||||
@ -31,7 +31,7 @@ parameter_defaults:
|
||||
|
||||
# NFS mount options for NFS image import staging
|
||||
# Type: string
|
||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0
|
||||
|
||||
# NFS share to mount for image import staging
|
||||
# Type: string
|
||||
|
||||
@ -0,0 +1,5 @@
|
||||
---
|
||||
other:
|
||||
- Not a functionnal change, only cosmetics. For better understanding and
|
||||
readability, changing all the svirt_sandbox_file_t to shorter, nicer
|
||||
container_file_t
|
||||
Loading…
x
Reference in New Issue
Block a user