Merge "Enable CAP_AUDIT_WRITE for some containers/steps"
This commit is contained in:
commit
58a4ee67c7
@ -301,6 +301,8 @@ outputs:
|
||||
step_3:
|
||||
aodh_db_sync:
|
||||
image: *aodh_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -686,6 +686,8 @@ outputs:
|
||||
- barbican_api_db_sync:
|
||||
start_order: 3
|
||||
image: *barbican_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
detach: false
|
||||
user: root
|
||||
|
@ -319,6 +319,8 @@ outputs:
|
||||
step_3:
|
||||
cinder_api_db_sync:
|
||||
image: *cinder_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -251,6 +251,8 @@ outputs:
|
||||
step_3:
|
||||
designate_db_sync:
|
||||
image: *designate_central_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -740,6 +740,8 @@ outputs:
|
||||
step_3:
|
||||
glance_api_db_sync:
|
||||
image: &glance_api_image {get_attr: [RoleParametersValue, value, ContainerGlanceApiImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -367,6 +367,8 @@ outputs:
|
||||
gnocchi_db_sync:
|
||||
start_order: 0
|
||||
image: *gnocchi_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
detach: false
|
||||
privileged: false
|
||||
|
@ -259,6 +259,8 @@ outputs:
|
||||
step_3:
|
||||
heat_engine_db_sync:
|
||||
image: &heat_engine_image {get_attr: [RoleParametersValue, value, ContainerHeatEngineImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -300,6 +300,8 @@ outputs:
|
||||
ironic_db_sync:
|
||||
start_order: 1
|
||||
image: *ironic_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -487,6 +487,8 @@ outputs:
|
||||
ironic_inspector_db_sync:
|
||||
start_order: 2
|
||||
image: *ironic_inspector_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
user: root
|
||||
privileged: false
|
||||
|
@ -316,6 +316,8 @@ outputs:
|
||||
manila_api_db_sync:
|
||||
user: root
|
||||
image: *manila_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
detach: false
|
||||
volumes:
|
||||
|
@ -534,6 +534,8 @@ outputs:
|
||||
step_3:
|
||||
neutron_db_sync:
|
||||
image: &neutron_api_image {get_attr: [RoleParametersValue, value, ContainerNeutronApiImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -585,6 +585,8 @@ outputs:
|
||||
nova_api_db_sync:
|
||||
start_order: 0 # Runs before nova-conductor dbsync
|
||||
image: &nova_api_image {get_attr: [RoleParametersValue, value, ContainerNovaApiImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
detach: false
|
||||
user: root
|
||||
|
@ -189,6 +189,8 @@ outputs:
|
||||
step_3:
|
||||
nova_db_sync:
|
||||
image: &nova_conductor_image {get_attr: [RoleParametersValue, value, ContainerNovaConductorImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
start_order: 3 # Runs after nova-api tasks if installed on this host
|
||||
net: host
|
||||
detach: false
|
||||
|
@ -193,6 +193,8 @@ outputs:
|
||||
step_4:
|
||||
nova_migration_target:
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerNovaComputeImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: true
|
||||
user: root
|
||||
|
@ -383,6 +383,8 @@ outputs:
|
||||
octavia_db_sync:
|
||||
start_order: 0
|
||||
image: *octavia_api_image
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
|
@ -294,6 +294,8 @@ outputs:
|
||||
placement_api_db_sync:
|
||||
start_order: 1
|
||||
image: &placement_api_image {get_attr: [RoleParametersValue, value, ContainerPlacementImage]}
|
||||
cap_add:
|
||||
- AUDIT_WRITE
|
||||
net: host
|
||||
detach: false
|
||||
user: root
|
||||
|
Loading…
Reference in New Issue
Block a user