Ensure we get the correct setype for haproxy log dir

Since haproxy logs are managed by rsyslog, we want to ensure this service can actually write in the location. This means we have to ensure haproxy/* is set to var_log_t, and NOT the usual svirt_sandbox_file_t context. Change-Id: Ica897c186268461f8f90cca4d417794d9b7dedad
2019-01-03 16:00:21 +01:00 · 2019-01-03 16:00:21 +01:00 · 44b155eca6
parent 697cefb95e
commit 44b155eca6
1 changed files with 6 additions and 0 deletions
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@ -267,6 +267,12 @@ outputs:
              environment:
                - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
      upgrade_tasks:
+        - name: ensure we have haproxy log dir with the correct setype
+          file:
+            path: /var/log/containers/haproxy
+            state: directory
+            setype: var_log_t
+            recurse: yes
        - when: step|int == 3
          block:
            - name: Set fact for removal of HAproxy package