nova-libvirt: conditionalize selinux bind-mount

On an F28-based container image, nova-libvirt fails to
start in Podman if /sys/fs/selinux is bind-mounted
from the host, with the following logs:

2019-01-16 13:41:35.375+0000: 452430: error : virSecuritySELinuxQEMUInitialize:634 : cannot open SELinux label_handle: No such file or directory
2019-01-16 13:41:35.375+0000: 452430: error : qemuSecurityInit:425 : internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : virStateInitialize:775 : Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
2019-01-16 13:41:35.375+0000: 452430: error : daemonRunStateInit:837 : Driver state initialization failed

Perform the bind-mount only when the ContainerCli is set
to 'docker'.

Change-Id: I7a2ca4fb1ff8ea5950fd52774c648af5ef274796
Closes-Bug: #1812013
Co-Authored-By: Michele Baldessari <michele@acksyn.org>
Damien Ciabrini 2019-01-16 15:44:37 +01:00
parent d747625b82
commit 34d0e5b020
1 changed files with 18 additions and 1 deletions

@ -134,6 +134,13 @@ parameters:
tags:
- role_specific
ContainerCli:
type: string
default: 'docker'
description: CLI tool used to manage containers.
constraints:
- allowed_values: ['docker', 'podman']
conditions:
use_tls_for_live_migration:
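Review bot: The description on the new ContainerCli parameter only says "CLI tool used to manage containers" and does not mention that its value now decides whether /sys/fs/selinux is bind-mounted into the libvirt container. Because the default stays 'docker', a Podman deployment that leaves the parameter unset keeps the mount and hits the startup failure quoted in the commit message; please say so in the description or in a release note.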
@ -179,6 +186,11 @@ conditions:
- {get_param: QemuMemoryBackingDir}
- ''
docker_enabled:
equals:
- {get_param: ContainerCli}
- 'docker'
resources:
RoleParametersValue:
type: OS::Heat::Value
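Review bot: The docker_enabled condition added at the end of the conditions block carries no hint that it exists to gate the SELinux bind-mount, so the reason for it lives only in the commit message. A one-line comment above it pointing at bug #1812013 would keep the next editor from treating it as a general-purpose switch or removing it as unused.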
@ -345,7 +357,12 @@ outputs:
- /var/log/containers/libvirt:/var/log/libvirt:z
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/lib/vhost_sockets:/var/lib/vhost_sockets:z
- /sys/fs/selinux:/sys/fs/selinux
-
if:
- docker_enabled
-
- /sys/fs/selinux:/sys/fs/selinux
- null
-
if:
- use_tls_for_live_migration
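Review bot: The null branch of the new "if" on docker_enabled drops /sys/fs/selinux:/sys/fs/selinux entirely when ContainerCli is 'podman', but neither the template nor the commit message says which security driver libvirt ends up initializing once the mount is gone. Please confirm that QEMU processes are still SELinux-confined on Podman hosts, and add a comment above the "if" explaining why the mount is skipped so it is not re-added later.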