Merge "Enable CAP_AUDIT_WRITE for some containers/steps"

This commit is contained in:
Zuul 2022-10-04 14:05:21 +00:00 committed by Gerrit Code Review
commit 58a4ee67c7
16 changed files with 32 additions and 0 deletions

View File

@ -301,6 +301,8 @@ outputs:
step_3:
aodh_db_sync:
image: *aodh_api_image
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -686,6 +686,8 @@ outputs:
- barbican_api_db_sync:
start_order: 3
image: *barbican_api_image
cap_add:
- AUDIT_WRITE
net: host
detach: false
user: root

View File

@ -319,6 +319,8 @@ outputs:
step_3:
cinder_api_db_sync:
image: *cinder_api_image
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -251,6 +251,8 @@ outputs:
step_3:
designate_db_sync:
image: *designate_central_image
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -740,6 +740,8 @@ outputs:
step_3:
glance_api_db_sync:
image: &glance_api_image {get_attr: [RoleParametersValue, value, ContainerGlanceApiImage]}
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -367,6 +367,8 @@ outputs:
gnocchi_db_sync:
start_order: 0
image: *gnocchi_api_image
cap_add:
- AUDIT_WRITE
net: host
detach: false
privileged: false

View File

@ -259,6 +259,8 @@ outputs:
step_3:
heat_engine_db_sync:
image: &heat_engine_image {get_attr: [RoleParametersValue, value, ContainerHeatEngineImage]}
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -300,6 +300,8 @@ outputs:
ironic_db_sync:
start_order: 1
image: *ironic_api_image
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -487,6 +487,8 @@ outputs:
ironic_inspector_db_sync:
start_order: 2
image: *ironic_inspector_image
cap_add:
- AUDIT_WRITE
net: host
user: root
privileged: false

View File

@ -316,6 +316,8 @@ outputs:
manila_api_db_sync:
user: root
image: *manila_api_image
cap_add:
- AUDIT_WRITE
net: host
detach: false
volumes:

View File

@ -534,6 +534,8 @@ outputs:
step_3:
neutron_db_sync:
image: &neutron_api_image {get_attr: [RoleParametersValue, value, ContainerNeutronApiImage]}
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -585,6 +585,8 @@ outputs:
nova_api_db_sync:
start_order: 0 # Runs before nova-conductor dbsync
image: &nova_api_image {get_attr: [RoleParametersValue, value, ContainerNovaApiImage]}
cap_add:
- AUDIT_WRITE
net: host
detach: false
user: root

View File

@ -189,6 +189,8 @@ outputs:
step_3:
nova_db_sync:
image: &nova_conductor_image {get_attr: [RoleParametersValue, value, ContainerNovaConductorImage]}
cap_add:
- AUDIT_WRITE
start_order: 3 # Runs after nova-api tasks if installed on this host
net: host
detach: false

View File

@ -193,6 +193,8 @@ outputs:
step_4:
nova_migration_target:
image: {get_attr: [RoleParametersValue, value, ContainerNovaComputeImage]}
cap_add:
- AUDIT_WRITE
net: host
privileged: true
user: root

View File

@ -383,6 +383,8 @@ outputs:
octavia_db_sync:
start_order: 0
image: *octavia_api_image
cap_add:
- AUDIT_WRITE
net: host
privileged: false
detach: false

View File

@ -294,6 +294,8 @@ outputs:
placement_api_db_sync:
start_order: 1
image: &placement_api_image {get_attr: [RoleParametersValue, value, ContainerPlacementImage]}
cap_add:
- AUDIT_WRITE
net: host
detach: false
user: root