openstack/tripleo-heat-templates
Code Issues Proposed changes

Set proper setype for service directories

Browse Source 
This will allow proper access from the containers without any
new SELinux policy

Depends-On: Ie9f5d3b6380caa6824ca940ca48ed0fcf6308608
Change-Id: I284126db5dcf9dc31ee5ee640b2684643ef3a066
This commit is contained in:
Cédric Jeanneret 2018-09-05 17:28:06 +02:00 committed by Emilien Macchi
parent 1badfc470a
commit 3eeece2d29
45 changed files with 179 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docker/services/aodh-api.yaml
View File

@ -105,8 +105,8 @@ outputs:
image: &aodh_api_image {get_param: DockerAodhApiImage} image: &aodh_api_image {get_param: DockerAodhApiImage}
user: root user: root
volumes: volumes:
- /var/log/containers/aodh:/var/log/aodh - /var/log/containers/aodh:/var/log/aodh:z
- /var/log/containers/httpd/aodh-api:/var/log/httpd - /var/log/containers/httpd/aodh-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R aodh:aodh /var/log/aodh'] command: ['/bin/bash', '-c', 'chown -R aodh:aodh /var/log/aodh']
step_3: step_3:
aodh_db_sync: aodh_db_sync:
@ -155,11 +155,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
setype: "{{ item.setype }}"
state: directory state: directory
with_items: with_items:
- /var/log/containers/aodh - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/aodh-api - { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t }
- name: aodh logs readme - name: aodh logs readme
copy: copy:
dest: /var/log/aodh/readme.txt dest: /var/log/aodh/readme.txt

3
docker/services/aodh-evaluator.yaml
View File

@ -106,7 +106,7 @@ outputs:
- -
- /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh - /var/log/containers/aodh:/var/log/aodh:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
@ -114,6 +114,7 @@ outputs:
file: file:
path: /var/log/containers/aodh path: /var/log/containers/aodh
state: directory state: directory
setype: svirt_sandbox_file_t
- name: aodh logs readme - name: aodh logs readme
copy: copy:
dest: /var/log/aodh/readme.txt dest: /var/log/aodh/readme.txt

3
docker/services/aodh-listener.yaml
View File

@ -113,7 +113,7 @@ outputs:
- -
- /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh - /var/log/containers/aodh:/var/log/aodh:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
@ -121,6 +121,7 @@ outputs:
file: file:
path: /var/log/containers/aodh path: /var/log/containers/aodh
state: directory state: directory
setype: svirt_sandbox_file_t
- name: aodh logs readme - name: aodh logs readme
copy: copy:
dest: /var/log/aodh/readme.txt dest: /var/log/aodh/readme.txt

3
docker/services/aodh-notifier.yaml
View File

@ -113,7 +113,7 @@ outputs:
- -
- /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/aodh:/var/log/aodh - /var/log/containers/aodh:/var/log/aodh:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
@ -121,6 +121,7 @@ outputs:
file: file:
path: /var/log/containers/aodh path: /var/log/containers/aodh
state: directory state: directory
setype: svirt_sandbox_file_t
- name: aodh logs readme - name: aodh logs readme
copy: copy:
dest: /var/log/aodh/readme.txt dest: /var/log/aodh/readme.txt

3
docker/services/ceilometer-agent-central.yaml
View File

@ -99,7 +99,7 @@ outputs:
user: root user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes: volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer - /var/log/containers/ceilometer:/var/log/ceilometer:z
step_4: step_4:
ceilometer_agent_central: ceilometer_agent_central:
image: *ceilometer_agent_central_image image: *ceilometer_agent_central_image
@ -142,6 +142,7 @@ outputs:
file: file:
path: /var/log/containers/ceilometer path: /var/log/containers/ceilometer
state: directory state: directory
setype: svirt_sandbox_file_t
- name: ceilometer logs readme - name: ceilometer logs readme
copy: copy:
dest: /var/log/ceilometer/readme.txt dest: /var/log/ceilometer/readme.txt

3
docker/services/ceilometer-agent-ipmi.yaml
View File

@ -99,7 +99,7 @@ outputs:
user: root user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes: volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer - /var/log/containers/ceilometer:/var/log/ceilometer:z
step_4: step_4:
ceilometer_agent_ipmi: ceilometer_agent_ipmi:
image: *ceilometer_agent_ipmi_image image: *ceilometer_agent_ipmi_image
@ -121,6 +121,7 @@ outputs:
file: file:
path: /var/log/containers/ceilometer path: /var/log/containers/ceilometer
state: directory state: directory
setype: svirt_sandbox_file_t
- name: ceilometer logs readme - name: ceilometer logs readme
copy: copy:
dest: /var/log/ceilometer/readme.txt dest: /var/log/ceilometer/readme.txt

3
docker/services/ceilometer-agent-notification.yaml
View File

@ -107,7 +107,7 @@ outputs:
user: root user: root
command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
volumes: volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer - /var/log/containers/ceilometer:/var/log/ceilometer:z
step_4: step_4:
ceilometer_agent_notification: ceilometer_agent_notification:
image: *ceilometer_agent_notification_image image: *ceilometer_agent_notification_image
@ -138,6 +138,7 @@ outputs:
file: file:
path: /var/log/containers/ceilometer path: /var/log/containers/ceilometer
state: directory state: directory
setype: svirt_sandbox_file_t
- name: ceilometer logs readme - name: ceilometer logs readme
copy: copy:
dest: /var/log/ceilometer/readme.txt dest: /var/log/ceilometer/readme.txt

11
docker/services/cinder-api.yaml
View File

@ -126,8 +126,8 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/cinder:/var/log/cinder - /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd - /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_3: step_3:
cinder_api_db_sync: cinder_api_db_sync:
@ -232,11 +232,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/cinder - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/cinder-api - { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme - name: cinder logs readme
copy: copy:
dest: /var/log/cinder/readme.txt dest: /var/log/cinder/readme.txt

7
docker/services/cinder-scheduler.yaml
View File

@ -108,7 +108,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/cinder:/var/log/cinder - /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4: step_4:
cinder_scheduler: cinder_scheduler:
@ -137,10 +137,11 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/cinder - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme - name: cinder logs readme
copy: copy:
dest: /var/log/cinder/readme.txt dest: /var/log/cinder/readme.txt

9
docker/services/cinder-volume.yaml
View File

@ -157,7 +157,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/cinder:/var/log/cinder - /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4: step_4:
cinder_volume: cinder_volume:
@ -181,11 +181,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/cinder - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- /var/lib/cinder - { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme - name: cinder logs readme
copy: copy:
dest: /var/log/cinder/readme.txt dest: /var/log/cinder/readme.txt

11
docker/services/database/mysql.yaml
View File

@ -132,8 +132,8 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/mysql:/var/log/mariadb - /var/log/containers/mysql:/var/log/mariadb:z
- /var/lib/mysql:/var/lib/mysql - /var/lib/mysql:/var/lib/mysql:z
command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb /var/lib/mysql'] command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb /var/lib/mysql']
step_2: step_2:
mysql_bootstrap: mysql_bootstrap:
@ -232,11 +232,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/mysql - {'path':/var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
- /var/lib/mysql - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- name: mysql logs readme - name: mysql logs readme
copy: copy:
dest: /var/log/mariadb/readme.txt dest: /var/log/mariadb/readme.txt

12
docker/services/database/redis.yaml
View File

@ -109,7 +109,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/redis:/var/log/redis - /var/log/containers/redis:/var/log/redis:z
command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
- redis: - redis:
start_order: 1 start_order: 1
@ -124,8 +124,8 @@ outputs:
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /var/log/containers/redis:/var/log/redis - /var/log/containers/redis:/var/log/redis:z
- /var/run/redis:/var/run/redis - /var/run/redis:/var/run/redis:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if: - if:
@ -154,11 +154,11 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
with_items: with_items:
- /var/log/containers/redis - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t }
- /var/run/redis - { 'path': /var/run/redis, 'setype': container_var_run_t }
- name: redis logs readme - name: redis logs readme
copy: copy:
dest: /var/log/redis/readme.txt dest: /var/log/redis/readme.txt

4
docker/services/glance-api.yaml
View File

@ -15,6 +15,7 @@ parameters:
default: default:
tag: openstack.glance.api tag: openstack.glance.api
path: /var/log/containers/glance/api.log path: /var/log/containers/glance/api.log
setype: svirt_sandbox_file_t
EndpointMap: EndpointMap:
default: {} default: {}
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
@ -178,7 +179,7 @@ outputs:
- /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- /var/lib/glance:/var/lib/glance:slave - /var/lib/glance:/var/lib/glance:z
- -
if: if:
- cinder_backend_enabled - cinder_backend_enabled
@ -233,6 +234,7 @@ outputs:
file: file:
path: /var/lib/glance path: /var/lib/glance
state: directory state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- when: step|int == 0 - when: step|int == 0
tags: common tags: common

11
docker/services/gnocchi-api.yaml
View File

@ -148,8 +148,8 @@ outputs:
image: &gnocchi_api_image {get_param: DockerGnocchiApiImage} image: &gnocchi_api_image {get_param: DockerGnocchiApiImage}
user: root user: root
volumes: volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi - /var/log/containers/gnocchi:/var/log/gnocchi:z
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd - /var/log/containers/httpd/gnocchi-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R gnocchi:gnocchi /var/log/gnocchi'] command: ['/bin/bash', '-c', 'chown -R gnocchi:gnocchi /var/log/gnocchi']
gnocchi_init_lib: gnocchi_init_lib:
image: *gnocchi_api_image image: *gnocchi_api_image
@ -221,11 +221,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/gnocchi - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/gnocchi-api - { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme - name: gnocchi logs readme
copy: copy:
dest: /var/log/gnocchi/readme.txt dest: /var/log/gnocchi/readme.txt

3
docker/services/gnocchi-metricd.yaml
View File

@ -130,7 +130,7 @@ outputs:
- -
- /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi - /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace: - str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
@ -142,6 +142,7 @@ outputs:
file: file:
path: /var/log/containers/gnocchi path: /var/log/containers/gnocchi
state: directory state: directory
setype: svirt_sandbox_file_t
- name: gnocchi logs readme - name: gnocchi logs readme
copy: copy:
dest: /var/log/gnocchi/readme.txt dest: /var/log/gnocchi/readme.txt

3
docker/services/gnocchi-statsd.yaml
View File

@ -130,7 +130,7 @@ outputs:
- -
- /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi - /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace: - str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
@ -142,6 +142,7 @@ outputs:
file: file:
path: /var/log/containers/gnocchi path: /var/log/containers/gnocchi
state: directory state: directory
setype: svirt_sandbox_file_t
- name: gnocchi logs readme - name: gnocchi logs readme
copy: copy:
dest: /var/log/gnocchi/readme.txt dest: /var/log/gnocchi/readme.txt

21
docker/services/haproxy.yaml
View File

@ -155,17 +155,17 @@ outputs:
- ':' - ':'
- - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath}
- {get_param: DeployedSSLCertificatePath} - {get_param: DeployedSSLCertificatePath}
- 'ro' - 'ro,shared'
- null - null
- if: - if:
- internal_tls_enabled - internal_tls_enabled
- - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro - - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro,shared
- /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro - /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro,shared
- list_join: - list_join:
- ':' - ':'
- - {get_param: InternalTLSCAFile} - - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile} - {get_param: InternalTLSCAFile}
- 'ro' - 'ro,shared'
- null - null
kolla_config: kolla_config:
/var/lib/kolla/config_files/haproxy.json: /var/lib/kolla/config_files/haproxy.json:
@ -246,12 +246,12 @@ outputs:
- '' - ''
- - /var/lib/kolla/config_files/src-tls/ - - /var/lib/kolla/config_files/src-tls/
- {get_param: DeployedSSLCertificatePath} - {get_param: DeployedSSLCertificatePath}
- 'ro' - 'ro,shared'
- null - null
- if: - if:
- internal_tls_enabled - internal_tls_enabled
- - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro - - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro,shared
- /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro,shared
- list_join: - list_join:
- ':' - ':'
- - {get_param: InternalTLSCAFile} - - {get_param: InternalTLSCAFile}
@ -293,11 +293,12 @@ outputs:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]} - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/haproxy - { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t }
- /var/lib/haproxy - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme - name: haproxy logs readme
copy: copy:
dest: /var/log/haproxy/readme.txt dest: /var/log/haproxy/readme.txt

11
docker/services/ironic-api.yaml
View File

@ -100,8 +100,8 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/ironic:/var/log/ironic - /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd - /var/log/containers/httpd/ironic-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic'] command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
step_3: step_3:
ironic_db_sync: ironic_db_sync:
@ -157,11 +157,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/ironic - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/ironic-api - { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme - name: ironic logs readme
copy: copy:
dest: /var/log/ironic/readme.txt dest: /var/log/ironic/readme.txt

11
docker/services/ironic-conductor.yaml
View File

@ -188,18 +188,19 @@ outputs:
- /sys:/sys - /sys:/sys
- /dev:/dev - /dev:/dev
- /run:/run #shared? - /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:shared - /var/lib/ironic:/var/lib/ironic:z
- /var/log/containers/ironic:/var/log/ironic - /var/log/containers/ironic:/var/log/ironic:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/ironic - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- /var/lib/ironic - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme - name: ironic logs readme
copy: copy:
dest: /var/log/ironic/readme.txt dest: /var/log/ironic/readme.txt

6
docker/services/ironic-inspector.yaml
View File

@ -89,8 +89,8 @@ outputs:
- {get_attr: [MySQLClient, role_data, step_config]} - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicInspectorConfigImage} config_image: {get_param: DockerIronicInspectorConfigImage}
volumes: volumes:
- /var/lib/ironic:/var/lib/ironic:shared - /var/lib/ironic:/var/lib/ironic:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared - /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:z
kolla_config: kolla_config:
/var/lib/kolla/config_files/ironic_inspector.json: /var/lib/kolla/config_files/ironic_inspector.json:
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
@ -224,6 +224,7 @@ outputs:
file: file:
path: /var/log/containers/ironic-inspector path: /var/log/containers/ironic-inspector
state: directory state: directory
setype: svirt_sandbox_file_t
- name: ironic-inspector logs readme - name: ironic-inspector logs readme
copy: copy:
dest: /var/log/ironic-inspector/readme.txt dest: /var/log/ironic-inspector/readme.txt
@ -235,6 +236,7 @@ outputs:
file: file:
path: /var/lib/ironic-inspector/dhcp-hostsdir path: /var/lib/ironic-inspector/dhcp-hostsdir
state: directory state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- when: step|int == 0 - when: step|int == 0
tags: common tags: common

15
docker/services/ironic-pxe.yaml
View File

@ -132,10 +132,10 @@ outputs:
- -
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/:shared - /var/lib/ironic:/var/lib/ironic/:z
- /dev/log:/dev/log - /dev/log:/dev/log
- /var/log/containers/ironic:/var/log/ironic - /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd - /var/log/containers/httpd/ironic-pxe:/var/log/httpd:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_pxe_http: ironic_pxe_http:
@ -158,12 +158,13 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/lib/ironic - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- /var/log/containers/ironic - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/ironic-pxe - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme - name: ironic logs readme
copy: copy:
dest: /var/log/ironic/readme.txt dest: /var/log/ironic/readme.txt

3
docker/services/iscsid.yaml
View File

@ -72,7 +72,7 @@ outputs:
# However, overcloud nodes must have a unique IQN. Allow full # However, overcloud nodes must have a unique IQN. Allow full
# (write) access to /etc/iscsi so that puppet ensures the IQN # (write) access to /etc/iscsi so that puppet ensures the IQN
# is unique and is reset once, and only once. # is unique and is reset once, and only once.
- /etc/iscsi:/etc/iscsi - /etc/iscsi:/etc/iscsi:z
kolla_config: kolla_config:
/var/lib/kolla/config_files/iscsid.json: /var/lib/kolla/config_files/iscsid.json:
command: /usr/sbin/iscsid -f command: /usr/sbin/iscsid -f
@ -111,6 +111,7 @@ outputs:
file: file:
path: /etc/iscsi path: /etc/iscsi
state: directory state: directory
setype: svirt_sandbox_file_t
- name: stat /lib/systemd/system/iscsid.socket - name: stat /lib/systemd/system/iscsid.socket
stat: path=/lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket
register: stat_iscsid_socket register: stat_iscsid_socket

5
docker/services/keepalived.yaml
View File

@ -98,9 +98,9 @@ outputs:
- -
- /var/lib/kolla/config_files/keepalived.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/keepalived.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/keepalived/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/keepalived/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/keepalived/:/var/log/ - /var/log/containers/keepalived/:/var/log/:z
- /lib/modules/:/lib/modules/:ro - /lib/modules/:/lib/modules/:ro
- /var/lib/haproxy/:/var/lib/haproxy/ - /var/lib/haproxy/:/var/lib/haproxy/:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: /usr/local/bin/kolla_start command: /usr/local/bin/kolla_start
@ -109,6 +109,7 @@ outputs:
file: file:
path: /var/log/containers/keepalived path: /var/log/containers/keepalived
state: directory state: directory
setype: svirt_sandbox_file_t
- name: keepalived logs readme - name: keepalived logs readme
copy: copy:
dest: /var/log/keepalived-readme.txt dest: /var/log/keepalived-readme.txt

5
docker/services/logging/files/glance-api.yaml
View File

@ -32,10 +32,11 @@ outputs:
value: value:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/glance - { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t }
- name: glance logs readme - name: glance logs readme
copy: copy:
dest: /var/log/glance/readme.txt dest: /var/log/glance/readme.txt

7
docker/services/logging/files/keystone.yaml
View File

@ -35,11 +35,12 @@ outputs:
value: value:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/keystone - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/keystone - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t }
- name: keystone logs readme - name: keystone logs readme
copy: copy:
dest: /var/log/keystone/readme.txt dest: /var/log/keystone/readme.txt

11
docker/services/logging/files/nova-api.yaml
View File

@ -15,8 +15,8 @@ outputs:
volumes: volumes:
description: The volumes needed to log to files in the host. description: The volumes needed to log to files in the host.
value: &nova_api_volumes value: &nova_api_volumes
- /var/log/containers/nova:/var/log/nova - /var/log/containers/nova:/var/log/nova:z
- /var/log/containers/httpd/nova-api:/var/log/httpd - /var/log/containers/httpd/nova-api:/var/log/httpd:z
docker_config: docker_config:
description: Extra containers needed for logging to files in the host. description: Extra containers needed for logging to files in the host.
value: value:
@ -33,11 +33,12 @@ outputs:
value: value:
- name: create persistent logs directory - name: create persistent logs directory
file: file:
path: "{{ item }}" path: "{{ item.path }}"
setype: "{{ item.setype }}"
state: directory state: directory
with_items: with_items:
- /var/log/containers/nova - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- /var/log/containers/httpd/nova-api - { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t }
- name: nova logs readme - name: nova logs readme
copy: copy:
dest: /var/log/nova/readme.txt dest: /var/log/nova/readme.txt

2
docker/services/logrotate-crond.yaml
View File

@ -99,6 +99,6 @@ outputs:
- /var/run/docker.sock:/var/run/docker.sock:rw - /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers - /var/log/containers:/var/log/containers:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS

11
docker/services/messaging/notify-rabbitmq.yaml
View File

@ -127,7 +127,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/rabbitmq:/var/log/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq:z
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
rabbitmq_bootstrap: rabbitmq_bootstrap:
start_order: 1 start_order: 1
@ -141,7 +141,7 @@ outputs:
- -
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq - /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq
- if: - if:
- internal_tls_enabled - internal_tls_enabled
@ -212,11 +212,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/rabbitmq - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- /var/lib/rabbitmq - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme - name: rabbitmq logs readme
copy: copy:
dest: /var/log/rabbitmq/readme.txt dest: /var/log/rabbitmq/readme.txt

11
docker/services/messaging/rpc-rabbitmq.yaml
View File

@ -127,7 +127,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/rabbitmq:/var/log/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq:z
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
rabbitmq_bootstrap: rabbitmq_bootstrap:
start_order: 1 start_order: 1
@ -141,7 +141,7 @@ outputs:
- -
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq - /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq
- if: - if:
- internal_tls_enabled - internal_tls_enabled
@ -212,11 +212,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/rabbitmq - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- /var/lib/rabbitmq - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme - name: rabbitmq logs readme
copy: copy:
dest: /var/log/rabbitmq/readme.txt dest: /var/log/rabbitmq/readme.txt

3
docker/services/mistral-api.yaml
View File

@ -99,7 +99,7 @@ outputs:
privileged: false privileged: false
user: root user: root
volumes: volumes:
- /var/log/containers/mistral:/var/log/mistral - /var/log/containers/mistral:/var/log/mistral:z
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
step_3: step_3:
mistral_db_sync: mistral_db_sync:
@ -156,6 +156,7 @@ outputs:
file: file:
path: /var/log/containers/mistral path: /var/log/containers/mistral
state: directory state: directory
setype: svirt_sandbox_file_t
- name: mistral logs readme - name: mistral logs readme
copy: copy:
dest: /var/log/mistral/readme.txt dest: /var/log/mistral/readme.txt

3
docker/services/mistral-engine.yaml
View File

@ -115,7 +115,7 @@ outputs:
- /run:/run - /run:/run
- /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral - /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:ro - /var/lib/mistral:/var/lib/mistral:ro
- /usr/share/ansible/:/usr/share/ansible/:ro - /usr/share/ansible/:/usr/share/ansible/:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
@ -126,6 +126,7 @@ outputs:
file: file:
path: /var/log/containers/mistral path: /var/log/containers/mistral
state: directory state: directory
setype: svirt_sandbox_file_t
- name: mistral logs readme - name: mistral logs readme
copy: copy:
dest: /var/log/mistral/readme.txt dest: /var/log/mistral/readme.txt

3
docker/services/mistral-event-engine.yaml
View File

@ -115,7 +115,7 @@ outputs:
- /run:/run - /run:/run
- /var/lib/kolla/config_files/mistral_event_engine.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/mistral_event_engine.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral - /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral:ro - /var/lib/mistral:/var/lib/mistral:ro
- /usr/share/ansible/:/usr/share/ansible/:ro - /usr/share/ansible/:/usr/share/ansible/:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
@ -126,6 +126,7 @@ outputs:
file: file:
path: /var/log/containers/mistral path: /var/log/containers/mistral
state: directory state: directory
setype: svirt_sandbox_file_t
- name: mistral logs readme - name: mistral logs readme
copy: copy:
dest: /var/log/mistral/readme.txt dest: /var/log/mistral/readme.txt

16
docker/services/mistral-executor.yaml
View File

@ -129,8 +129,8 @@ outputs:
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /run:/run - /run:/run
- /var/run/docker.sock:/var/run/docker.sock:rw - /var/run/docker.sock:/var/run/docker.sock:rw
- /var/log/containers/mistral:/var/log/mistral - /var/log/containers/mistral:/var/log/mistral:z
- /var/lib/mistral:/var/lib/mistral - /var/lib/mistral:/var/lib/mistral:z
- /usr/share/ansible/:/usr/share/ansible/:ro - /usr/share/ansible/:/usr/share/ansible/:ro
- /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro - /usr/share/openstack-tripleo-validations:/usr/share/openstack-tripleo-validations:ro
- {get_param: MistralExecutorVolumes} - {get_param: MistralExecutorVolumes}
@ -138,14 +138,14 @@ outputs:
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
- name: create /var/lib/mistral directory - name: create persistent data directory
file: file:
path: /var/lib/mistral path: "{{ item.path }}"
state: directory
- name: create persistent logs directory
file:
path: /var/log/containers/mistral
state: directory state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme - name: mistral logs readme
copy: copy:
dest: /var/log/mistral/readme.txt dest: /var/log/mistral/readme.txt

5
docker/services/neutron-dhcp.yaml
View File

@ -173,8 +173,8 @@ outputs:
list_concat: list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- -
- /run/openvswitch:/run/openvswitch - /run/openvswitch:/run/openvswitch:z
- /var/lib/neutron:/var/lib/neutron - /var/lib/neutron:/var/lib/neutron:z
step_4: step_4:
neutron_dhcp: neutron_dhcp:
start_order: 10 start_order: 10
@ -237,6 +237,7 @@ outputs:
file: file:
path: /var/lib/neutron path: /var/lib/neutron
state: directory state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- when: step|int == 0 - when: step|int == 0
tags: common tags: common

5
docker/services/neutron-l3.yaml
View File

@ -172,8 +172,8 @@ outputs:
list_concat: list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- -
- /run/openvswitch:/run/openvswitch - /run/openvswitch:/run/openvswitch:z
- /var/lib/neutron:/var/lib/neutron - /var/lib/neutron:/var/lib/neutron:z
step_4: step_4:
neutron_l3_agent: neutron_l3_agent:
start_order: 10 start_order: 10
@ -235,6 +235,7 @@ outputs:
file: file:
path: /var/lib/neutron path: /var/lib/neutron
state: directory state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- when: step|int == 0 - when: step|int == 0
tags: common tags: common

3
docker/services/neutron-metadata.yaml
View File

@ -131,7 +131,7 @@ outputs:
- /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
- /var/lib/neutron:/var/lib/neutron - /var/lib/neutron:/var/lib/neutron:z
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings: metadata_settings:
@ -143,6 +143,7 @@ outputs:
file: file:
path: /var/lib/neutron path: /var/lib/neutron
state: directory state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- when: step|int == 0 - when: step|int == 0
tags: common tags: common

2
docker/services/neutron-ovs-agent.yaml
View File

@ -101,7 +101,7 @@ outputs:
# on the unix domain socket - /run/openvswitch/db.sock # on the unix domain socket - /run/openvswitch/db.sock
volumes: volumes:
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch - /run/openvswitch:/run/openvswitch:z
kolla_config: kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json: /var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /neutron_ovs_agent_launcher.sh command: /neutron_ovs_agent_launcher.sh

2
docker/services/nova-api.yaml
View File

@ -243,7 +243,6 @@ outputs:
- -
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro - /var/lib/docker-config-scripts/nova_api_ensure_default_cell.sh:/nova_api_ensure_default_cell.sh:ro
user: root user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh" command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_ensure_default_cell.sh"
@ -311,7 +310,6 @@ outputs:
- -
- /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
- /var/lib/docker-config-scripts/nova_api_discover_hosts.sh:/nova_api_discover_hosts.sh:ro - /var/lib/docker-config-scripts/nova_api_discover_hosts.sh:/nova_api_discover_hosts.sh:ro
user: root user: root
command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_discover_hosts.sh" command: "/usr/bin/bootstrap_host_exec nova_api /nova_api_discover_hosts.sh"

9
docker/services/nova-ironic.yaml
View File

@ -111,7 +111,7 @@ outputs:
privileged: false privileged: false
detach: false detach: false
volumes: volumes:
- /var/lib/nova:/var/lib/nova:shared - /var/lib/nova:/var/lib/nova:z
- /var/lib/docker-config-scripts/:/docker-config-scripts/ - /var/lib/docker-config-scripts/:/docker-config-scripts/
command: "/docker-config-scripts/nova_statedir_ownership.py" command: "/docker-config-scripts/nova_statedir_ownership.py"
step_5: step_5:
@ -146,11 +146,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/nova - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- /var/lib/nova - { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- name: nova logs readme - name: nova logs readme
copy: copy:
dest: /var/log/nova/readme.txt dest: /var/log/nova/readme.txt

2
docker/services/novajoin.yaml
View File

@ -182,7 +182,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- -
- /var/lib/kolla/config_files/novajoin_server.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/novajoin_server.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/novajoin/etc/novajoin/join.conf:/etc/novajoin/join.conf:Z - /var/lib/config-data/novajoin/etc/novajoin/join.conf:/etc/novajoin/join.conf:z
- /etc/ipa/:/etc/ipa/:ro - /etc/ipa/:/etc/ipa/:ro
- /etc/novajoin/krb5.keytab:/etc/novajoin/krb5.keytab:ro - /etc/novajoin/krb5.keytab:/etc/novajoin/krb5.keytab:ro
environment: environment:

11
docker/services/pacemaker/database/mysql.yaml
View File

@ -178,7 +178,7 @@ outputs:
# Kolla does only non-recursive chown # Kolla does only non-recursive chown
command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] command: ['chown', '-R', 'mysql:', '/var/lib/mysql']
volumes: volumes:
- /var/lib/mysql:/var/lib/mysql - /var/lib/mysql:/var/lib/mysql:z
mysql_bootstrap: mysql_bootstrap:
start_order: 1 start_order: 1
detach: false detach: false
@ -294,7 +294,7 @@ outputs:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- /dev/shm:/dev/shm:rw - /dev/shm:/dev/shm:rw
- /var/lib/mysql:/var/lib/mysql:rw - /var/lib/mysql:/var/lib/mysql:rw,z
environment: environment:
# NOTE: this should force this container to re-run on each # NOTE: this should force this container to re-run on each
# update (scale-out, etc.) # update (scale-out, etc.)
@ -305,11 +305,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/log/containers/mysql - {'path':/var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
- /var/lib/mysql - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- name: mysql logs readme - name: mysql logs readme
copy: copy:
dest: /var/log/mariadb/readme.txt dest: /var/log/mariadb/readme.txt

5
docker/services/pacemaker/haproxy.yaml
View File

@ -299,10 +299,11 @@ outputs:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]} - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/lib/haproxy - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
metadata_settings: metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings] get_attr: [HAProxyBase, role_data, metadata_settings]
update_tasks: update_tasks:

7
docker/services/swift-proxy.yaml
View File

@ -242,11 +242,12 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /srv/node - { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- /var/log/swift - { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
- name: Create swift logging symlink - name: Create swift logging symlink
file: file:
src: /var/log/swift src: /var/log/swift

2
docker/services/swift-ringbuilder.yaml
View File

@ -113,5 +113,5 @@ outputs:
- '-c' - '-c'
- 'cp -v -a -t /etc/swift /swift_ringbuilder/etc/swift/*.gz /swift_ringbuilder/etc/swift/*.builder /swift_ringbuilder/etc/swift/backups' - 'cp -v -a -t /etc/swift /swift_ringbuilder/etc/swift/*.gz /swift_ringbuilder/etc/swift/*.builder /swift_ringbuilder/etc/swift/backups'
volumes: volumes:
- /var/lib/config-data/puppet-generated/swift/etc/swift:/etc/swift:rw - /var/lib/config-data/puppet-generated/swift/etc/swift:/etc/swift:rw,z
- /var/lib/config-data/swift_ringbuilder:/swift_ringbuilder:ro - /var/lib/config-data/swift_ringbuilder:/swift_ringbuilder:ro

23
docker/services/swift-storage.yaml
View File

@ -208,7 +208,7 @@ outputs:
user: root user: root
command: ['chown', '-R', 'swift:', '/srv/node'] command: ['chown', '-R', 'swift:', '/srv/node']
volumes: volumes:
- /srv/node:/srv/node - /srv/node:/srv/node:z
# FIXME (cschwede): remove this once the pid file setting is disabled # FIXME (cschwede): remove this once the pid file setting is disabled
swift_rsync_fix: swift_rsync_fix:
image: {get_param: DockerSwiftObjectImage} image: {get_param: DockerSwiftObjectImage}
@ -217,7 +217,7 @@ outputs:
detach: false detach: false
command: ['/bin/bash', '-c', 'sed -i "/pid file/d" /var/lib/kolla/config_files/src/etc/rsyncd.conf'] command: ['/bin/bash', '-c', 'sed -i "/pid file/d" /var/lib/kolla/config_files/src/etc/rsyncd.conf']
volumes: volumes:
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:rw - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:rw,z
step_4: step_4:
swift_account_auditor: swift_account_auditor:
image: *swift_account_image image: *swift_account_image
@ -230,9 +230,9 @@ outputs:
- -
- /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /srv/node:/srv/node - /srv/node:/srv/node:z
- /dev:/dev - /dev:/dev
- /var/cache/swift:/var/cache/swift - /var/cache/swift:/var/cache/swift:z
environment: &kolla_env environment: &kolla_env
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
swift_account_reaper: swift_account_reaper:
@ -246,9 +246,9 @@ outputs:
- -
- /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro
- /srv/node:/srv/node - /srv/node:/srv/node:z
- /dev:/dev - /dev:/dev
- /var/cache/swift:/var/cache/swift - /var/cache/swift:/var/cache/swift:z
environment: *kolla_env environment: *kolla_env
swift_account_replicator: swift_account_replicator:
image: *swift_account_image image: *swift_account_image
@ -441,13 +441,14 @@ outputs:
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /srv/node - { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- /var/cache/swift - { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t }
- /var/log/swift - { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
- /var/log/containers - { 'path': /var/log/containers, 'setype': svirt_sandbox_file_t }
- name: Set swift_use_local_disks fact - name: Set swift_use_local_disks fact
set_fact: set_fact:
swift_use_local_disks: {get_param: SwiftUseLocalDir} swift_use_local_disks: {get_param: SwiftUseLocalDir}