
Merge "Replace svirt_sandbox_file_t by container_file_t"

tags/12.1.0
Zuul Gerrit Code Review 2 weeks ago
parent
commit
b130f78076
96 changed files with 191 additions and 186 deletions
  1. +2
    -2
      common/container_startup_configs_tasks.yaml
  2. +10
    -10
      common/deploy-steps-tasks-step-1.yaml
  3. +3
    -3
      common/deploy-steps.j2
  4. +2
    -2
      deployment/aodh/aodh-api-container-puppet.yaml
  5. +1
    -1
      deployment/aodh/aodh-evaluator-container-puppet.yaml
  6. +1
    -1
      deployment/aodh/aodh-listener-container-puppet.yaml
  7. +2
    -2
      deployment/aodh/aodh-notifier-container-puppet.yaml
  8. +1
    -1
      deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml
  9. +1
    -1
      deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml
  10. +1
    -1
      deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml
  11. +1
    -1
      deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml
  12. +2
    -2
      deployment/cinder/cinder-api-container-puppet.yaml
  13. +2
    -2
      deployment/cinder/cinder-common-container-puppet.yaml
  14. +1
    -1
      deployment/cinder/cinder-scheduler-container-puppet.yaml
  15. +2
    -2
      deployment/database/mysql-container-puppet.yaml
  16. +3
    -3
      deployment/database/mysql-pacemaker-puppet.yaml
  17. +3
    -3
      deployment/database/redis-container-puppet.yaml
  18. +3
    -3
      deployment/database/redis-pacemaker-puppet.yaml
  19. +1
    -1
      deployment/etcd/etcd-container-puppet.yaml
  20. +1
    -1
      deployment/experimental/designate/designate-api-container-puppet.yaml
  21. +1
    -1
      deployment/experimental/designate/designate-central-container-puppet.yaml
  22. +2
    -2
      deployment/experimental/designate/designate-mdns-container-puppet.yaml
  23. +1
    -1
      deployment/experimental/designate/designate-producer-container-puppet.yaml
  24. +1
    -1
      deployment/experimental/designate/designate-sink-container-puppet.yaml
  25. +2
    -2
      deployment/experimental/designate/designate-worker-container-puppet.yaml
  26. +3
    -3
      deployment/glance/glance-api-container-puppet.yaml
  27. +2
    -2
      deployment/glance/glance-api-logging-file-container.yaml
  28. +3
    -3
      deployment/gnocchi/gnocchi-api-container-puppet.yaml
  29. +2
    -2
      deployment/gnocchi/gnocchi-metricd-container-puppet.yaml
  30. +2
    -2
      deployment/gnocchi/gnocchi-statsd-container-puppet.yaml
  31. +1
    -1
      deployment/haproxy/haproxy-container-puppet.yaml
  32. +2
    -2
      deployment/haproxy/haproxy-pacemaker-puppet.yaml
  33. +3
    -3
      deployment/horizon/horizon-container-puppet.yaml
  34. +2
    -2
      deployment/ironic/ironic-api-container-puppet.yaml
  35. +2
    -2
      deployment/ironic/ironic-conductor-container-puppet.yaml
  36. +2
    -2
      deployment/ironic/ironic-inspector-container-puppet.yaml
  37. +3
    -3
      deployment/ironic/ironic-pxe-container-puppet.yaml
  38. +2
    -2
      deployment/iscsid/iscsid-container-puppet.yaml
  39. +1
    -1
      deployment/keepalived/keepalived-container-puppet.yaml
  40. +2
    -2
      deployment/logging/files/barbican-api.yaml
  41. +2
    -2
      deployment/logging/files/heat-api-cfn.yaml
  42. +2
    -2
      deployment/logging/files/heat-api.yaml
  43. +1
    -1
      deployment/logging/files/heat-engine.yaml
  44. +2
    -2
      deployment/logging/files/keystone.yaml
  45. +2
    -2
      deployment/logging/files/neutron-api.yaml
  46. +1
    -1
      deployment/logging/files/neutron-common.yaml
  47. +2
    -2
      deployment/logging/files/nova-api.yaml
  48. +1
    -1
      deployment/logging/files/nova-common.yaml
  49. +1
    -1
      deployment/logging/files/nova-libvirt.yaml
  50. +2
    -2
      deployment/logging/files/nova-metadata.yaml
  51. +2
    -2
      deployment/logging/files/placement-api.yaml
  52. +2
    -2
      deployment/logging/rsyslog-container-puppet.yaml
  53. +2
    -2
      deployment/manila/manila-api-container-puppet.yaml
  54. +1
    -1
      deployment/manila/manila-scheduler-container-puppet.yaml
  55. +2
    -2
      deployment/manila/manila-share-container-puppet.yaml
  56. +2
    -2
      deployment/manila/manila-share-pacemaker-puppet.yaml
  57. +2
    -2
      deployment/messaging/rpc-qdrouterd-container-puppet.yaml
  58. +1
    -1
      deployment/metrics/collectd-container-puppet.yaml
  59. +2
    -2
      deployment/metrics/qdr-container-puppet.yaml
  60. +1
    -1
      deployment/mistral/mistral-api-container-puppet.yaml
  61. +1
    -1
      deployment/mistral/mistral-engine-container-puppet.yaml
  62. +1
    -1
      deployment/mistral/mistral-event-engine-container-puppet.yaml
  63. +5
    -5
      deployment/mistral/mistral-executor-container-puppet.yaml
  64. +2
    -2
      deployment/multipathd/multipathd-container.yaml
  65. +1
    -1
      deployment/neutron/neutron-dhcp-container-puppet.yaml
  66. +1
    -1
      deployment/neutron/neutron-l3-container-puppet.yaml
  67. +1
    -1
      deployment/neutron/neutron-metadata-container-puppet.yaml
  68. +3
    -3
      deployment/nova/nova-compute-container-puppet.yaml
  69. +2
    -2
      deployment/nova/nova-ironic-container-puppet.yaml
  70. +7
    -7
      deployment/nova/nova-libvirt-container-puppet.yaml
  71. +1
    -1
      deployment/nova/novajoin-container-puppet.yaml
  72. +3
    -3
      deployment/octavia/octavia-api-container-puppet.yaml
  73. +1
    -1
      deployment/octavia/octavia-health-manager-container-puppet.yaml
  74. +1
    -1
      deployment/octavia/octavia-housekeeping-container-puppet.yaml
  75. +1
    -1
      deployment/octavia/octavia-worker-container-puppet.yaml
  76. +1
    -1
      deployment/openvswitch/openvswitch-dpdk-netcontrold-container-ansible.yaml
  77. +2
    -2
      deployment/ovn/ovn-controller-container-puppet.yaml
  78. +2
    -2
      deployment/ovn/ovn-dbs-container-puppet.yaml
  79. +2
    -2
      deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
  80. +1
    -1
      deployment/ovn/ovn-metadata-container-puppet.yaml
  81. +2
    -2
      deployment/qdr/qdrouterd-container-puppet.yaml
  82. +2
    -2
      deployment/rabbitmq/rabbitmq-container-puppet.yaml
  83. +2
    -2
      deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml
  84. +2
    -2
      deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml
  85. +2
    -2
      deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml
  86. +2
    -2
      deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
  87. +2
    -2
      deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
  88. +2
    -2
      deployment/sahara/sahara-api-container-puppet.yaml
  89. +2
    -2
      deployment/sahara/sahara-engine-container-puppet.yaml
  90. +3
    -3
      deployment/swift/swift-proxy-container-puppet.yaml
  91. +3
    -3
      deployment/swift/swift-storage-container-puppet.yaml
  92. +3
    -3
      deployment/undercloud/tempest-container-puppet.yaml
  93. +2
    -2
      deployment/zaqar/zaqar-container-puppet.yaml
  94. +1
    -1
      environments/storage-environment.yaml
  95. +2
    -2
      environments/storage/glance-nfs.yaml
  96. +5
    -0
      releasenotes/notes/svirt_sandbox_file_t-to-container_file_t-f4914561f6e9e4c7.yaml

+ 2
- 2
common/container_startup_configs_tasks.yaml

@@ -7,13 +7,13 @@
path: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/"
mode: 0600
recurse: yes
setype: svirt_sandbox_file_t
setype: container_file_t

- name: "Creating container startup configs for {{ step_path }}"
copy:
content: "{{ item.value | to_nice_json }}"
dest: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/{{ item.key }}.json"
setype: svirt_sandbox_file_t
setype: container_file_t
mode: 0600
no_log: true
loop: "{{ item.1 | dict2items }}"

+ 10
- 10
common/deploy-steps-tasks-step-1.yaml

@@ -20,7 +20,7 @@
file:
path: /var/lib/tripleo-config
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
recurse: true
tags:
@@ -49,7 +49,7 @@
file:
path: /var/lib/tripleo-config/check-mode
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
recurse: true
tags:
@@ -103,7 +103,7 @@
file:
path: /var/lib/container-puppet
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
tags:
- container_config
@@ -124,7 +124,7 @@
file:
path: /var/lib/container-puppet/check-mode
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
tags:
- container_config
@@ -171,7 +171,7 @@
file:
path: /var/lib/container-config-scripts
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
tags:
- container_config_scripts

@@ -201,7 +201,7 @@
dest: "/var/lib/container-config-scripts/{{ item[0] }}"
force: yes
mode: "{{ item[1].mode | default('0600', true) }}"
setype: svirt_sandbox_file_t
setype: container_file_t
loop: "{{ role_data_container_config_scripts | dictsort }}"
loop_control:
label: "{{ item[0] }}"
@@ -254,7 +254,7 @@
file:
path: /var/lib/kolla/config_files
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
recurse: true
tags:
@@ -264,7 +264,7 @@
file:
path: /var/lib/config-data
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0

- name: Write kolla config json files
@@ -274,7 +274,7 @@
dest: "{{ item[0] }}"
force: yes
mode: '0600'
setype: svirt_sandbox_file_t
setype: container_file_t
loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}"
loop_control:
label: "{{ item[0] }}"
@@ -318,7 +318,7 @@
file:
path: /etc/puppet/check-mode/hieradata
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
recurse: true
check_mode: no


+ 3
- 3
common/deploy-steps.j2

@@ -615,7 +615,7 @@ outputs:
file:
path: /var/lib/tripleo-config/scripts
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
selevel: s0
recurse: true

@@ -1241,7 +1241,7 @@ outputs:
setype: svirt_sandbox_file_t
selevel: s0
- name: ensure we get the right selinux context
command: chcon -R -t svirt_sandbox_file_t /var/lib/config-data
command: chcon -R -t container_file_t /var/lib/config-data
args:
warn: no
tags:
@@ -1629,7 +1629,7 @@ outputs:
name: Run Fast Forward Upgrade Prep Workarounds for {{role.name}}
{%- endfor %}
- name: Create /var/lib/container-puppet
file: path=/var/lib/container-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
- name: Write container-puppet.py
no_log: True
copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
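Review bot: One `setype: svirt_sandbox_file_t` survives as the first context line of the `@@ -1241,7 +1241,7 @@` hunk, directly above the `chcon -R -t container_file_t /var/lib/config-data` task that this commit does update. The task owning that `setype` starts above the hunk, so its target path is not visible; if it labels `/var/lib/config-data` or a parent, the file task and the following chcon now name different types for the same tree. Changing it to `setype: container_file_t` would keep the two in agreement across the visible hunks. If the old name is kept on purpose, a comment on that line saying why would help the next reader.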


+ 2
- 2
deployment/aodh/aodh-api-container-puppet.yaml

@@ -246,8 +246,8 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/aodh-api, setype: container_file_t, 'mode': '0750' }
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
external_upgrade_tasks:


+ 1
- 1
deployment/aodh/aodh-evaluator-container-puppet.yaml

@@ -114,7 +114,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
external_upgrade_tasks:
- when:
- step|int == 1


+ 1
- 1
deployment/aodh/aodh-listener-container-puppet.yaml

@@ -114,7 +114,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
external_upgrade_tasks:
- when:
- step|int == 1


+ 2
- 2
deployment/aodh/aodh-notifier-container-puppet.yaml

@@ -114,8 +114,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, 'setype': container_file_t }
external_upgrade_tasks:
- when:
- step|int == 1


+ 1
- 1
deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml

@@ -172,7 +172,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
external_upgrade_tasks:
- when:
- step|int == 1


+ 1
- 1
deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml

@@ -119,7 +119,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 1
- 1
deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml

@@ -137,7 +137,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
fast_forward_upgrade_tasks:
- when:
- step|int == 0


+ 1
- 1
deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml

@@ -124,7 +124,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 2
- 2
deployment/cinder/cinder-api-container-puppet.yaml

@@ -373,8 +373,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': container_file_t, 'mode': '0750' }
external_upgrade_tasks:
- when: step|int == 1
block:


+ 2
- 2
deployment/cinder/cinder-common-container-puppet.yaml

@@ -72,8 +72,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/cinder, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 1
- 1
deployment/cinder/cinder-scheduler-container-puppet.yaml

@@ -135,7 +135,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 2
- 2
deployment/database/mysql-container-puppet.yaml

@@ -250,8 +250,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
upgrade_tasks:
# LP 1810136
# After upgrade, the new mariadb (e.g. 10.3) might not be able


+ 3
- 3
deployment/database/mysql-pacemaker-puppet.yaml

@@ -313,9 +313,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
- {'path': /var/log/mariadb, 'setype': 'container_file_t', 'mode': '0750'}
metadata_settings:
get_attr: [MysqlBase, role_data, metadata_settings]
deploy_steps_tasks:


+ 3
- 3
deployment/database/redis-container-puppet.yaml

@@ -169,7 +169,7 @@ outputs:
restart: always
systemd_exec_flags:
RuntimeDirectory: redis
ExecStartPre: /bin/chcon -t svirt_sandbox_file_t /var/run/redis
ExecStartPre: /bin/chcon -t container_file_t /var/run/redis
healthcheck:
test: /openstack/healthcheck
volumes:
@@ -219,8 +219,8 @@ outputs:
path: "{{ item.path }}"
state: directory
with_items:
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': container_file_t }
- name: ensure /var/run/redis is present upon reboot
copy:
dest: /etc/tmpfiles.d/var-run-redis.conf
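Review bot: The `with_items` entries in the second hunk carry `setype` and `mode`, but the only task arguments visible above them are `path: "{{ item.path }}"` and `state: directory`, whereas the other templates in this commit show `setype: "{{ item.setype }}"` next to `state`. The task starts above the hunk, so the argument may be set there; if it is not, the new `container_file_t` label and the `0750` mode on `/var/log/containers/redis` are never applied, and only the `ExecStartPre` chcon in the first hunk labels `/var/run/redis`. Adding `setype: "{{ item.setype }}"` and `mode: "{{ item.mode|default(omit) }}"` to the `file:` arguments would make the list values take effect.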


+ 3
- 3
deployment/database/redis-pacemaker-puppet.yaml

@@ -289,9 +289,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/redis, 'setype': container_file_t }
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': container_file_t }
- name: ensure /var/run/redis is present upon reboot
copy:
dest: /etc/tmpfiles.d/var-run-redis.conf


+ 1
- 1
deployment/etcd/etcd-container-puppet.yaml

@@ -157,7 +157,7 @@ outputs:
file:
path: /var/lib/etcd
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
upgrade_tasks: []
metadata_settings:
if:


+ 1
- 1
deployment/experimental/designate/designate-api-container-puppet.yaml

@@ -165,4 +165,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/experimental/designate/designate-central-container-puppet.yaml

@@ -218,4 +218,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/experimental/designate/designate-mdns-container-puppet.yaml

@@ -175,5 +175,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/designate, 'setype': container_file_t }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/experimental/designate/designate-producer-container-puppet.yaml

@@ -133,4 +133,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/experimental/designate/designate-sink-container-puppet.yaml

@@ -125,4 +125,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/experimental/designate/designate-worker-container-puppet.yaml

@@ -226,9 +226,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
- name: create persistent named directory
file:
path: /var/named-persistent
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t

+ 3
- 3
deployment/glance/glance-api-container-puppet.yaml

@@ -121,7 +121,7 @@ parameters:
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
type: string
GlanceNfsOptions:
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
description: >
NFS mount options for image storage (when GlanceNfsEnabled is true)
type: string
@@ -175,7 +175,7 @@ parameters:
URI that specifies the staging location to use when importing images
type: string
GlanceStagingNfsOptions:
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
description: >
NFS mount options for NFS image import staging
type: string
@@ -621,7 +621,7 @@ outputs:
file:
path: /var/lib/glance
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
metadata_settings:
get_attr: [TLSProxyBase, role_data, metadata_settings]
external_upgrade_tasks:
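Review bot: The first two hunks change parameter defaults (`GlanceNfsOptions`, `GlanceStagingNfsOptions`), so a deployment that sets either parameter in its own environment file keeps mounting with `context=system_u:object_r:svirt_sandbox_file_t:s0` after this commit. The release note the commit adds is not visible here; it should tell operators to update such overrides. Each parameter's `description` could also state the constraint, for example `The context= option must name the SELinux type used for container volumes (container_file_t).`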


+ 2
- 2
deployment/glance/glance-api-logging-file-container.yaml

@@ -38,5 +38,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/glance, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/glance, 'setype': container_file_t, 'mode': '0750' }

+ 3
- 3
deployment/gnocchi/gnocchi-api-container-puppet.yaml

@@ -358,9 +358,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': container_file_t, 'mode': '0750' }
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 2
- 2
deployment/gnocchi/gnocchi-metricd-container-puppet.yaml

@@ -159,12 +159,12 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 2
- 2
deployment/gnocchi/gnocchi-statsd-container-puppet.yaml

@@ -151,12 +151,12 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 1
- 1
deployment/haproxy/haproxy-container-puppet.yaml

@@ -365,7 +365,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
metadata_settings:
list_concat:
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}


+ 2
- 2
deployment/haproxy/haproxy-pacemaker-puppet.yaml

@@ -306,8 +306,8 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
- { 'path': /var/log/haproxy, 'setype': container_file_t }
metadata_settings:
{get_attr: [HAProxyBase, role_data, metadata_settings]}
deploy_steps_tasks:


+ 3
- 3
deployment/horizon/horizon-container-puppet.yaml

@@ -318,9 +318,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/www, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/horizon, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/horizon, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/www, 'setype': container_file_t }
upgrade_tasks: []
external_upgrade_tasks:
- when:


+ 2
- 2
deployment/ironic/ironic-api-container-puppet.yaml

@@ -279,8 +279,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': container_file_t, 'mode': '0750' }
external_upgrade_tasks:
- when: step|int == 1
block:


+ 2
- 2
deployment/ironic/ironic-conductor-container-puppet.yaml

@@ -554,8 +554,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/ironic, 'setype': container_file_t }
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot


+ 2
- 2
deployment/ironic/ironic-inspector-container-puppet.yaml

@@ -491,9 +491,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/ironic-inspector, 'setype': container_file_t, 'mode': '0750' }
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
file:
path: /var/lib/ironic-inspector/dhcp-hostsdir
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t

+ 3
- 3
deployment/ironic/ironic-pxe-container-puppet.yaml

@@ -166,6 +166,6 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/ironic, 'setype': container_file_t }
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/iscsid/iscsid-container-puppet.yaml

@@ -99,12 +99,12 @@ outputs:
file:
path: /etc/iscsi
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: ensure /var/lib/iscsi exists
file:
path: /var/lib/iscsi
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: stat /lib/systemd/system/iscsid.socket
stat: path=/lib/systemd/system/iscsid.socket
register: stat_iscsid_socket


+ 1
- 1
deployment/keepalived/keepalived-container-puppet.yaml

@@ -149,4 +149,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/keepalived, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/barbican-api.yaml

@@ -39,5 +39,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/barbican, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/heat-api-cfn.yaml

@@ -25,5 +25,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/heat-api.yaml

@@ -25,5 +25,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/logging/files/heat-engine.yaml

@@ -40,4 +40,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/keystone.yaml

@@ -40,5 +40,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/keystone, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/keystone, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/neutron-api.yaml

@@ -48,5 +48,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/logging/files/neutron-common.yaml View File

@@ -36,4 +36,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/nova-api.yaml View File

@@ -48,5 +48,5 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-api, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/logging/files/nova-common.yaml View File

@@ -68,4 +68,4 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/logging/files/nova-libvirt.yaml View File

@@ -38,4 +38,4 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/libvirt, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/nova-metadata.yaml View File

@@ -37,5 +37,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/files/placement-api.yaml View File

@@ -37,5 +37,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/placement, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/placement, 'setype': container_file_t, 'mode': '0750' }

+ 2
- 2
deployment/logging/rsyslog-container-puppet.yaml View File

@@ -221,10 +221,10 @@ outputs:
file:
path: /var/log/containers/rsyslog
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
mode: '0750'
- name: create persistent state directory for rsyslog
file:
path: /var/lib/rsyslog.container
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t

+ 2
- 2
deployment/manila/manila-api-container-puppet.yaml View File

@@ -251,8 +251,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': container_file_t, 'mode': '0750' }
upgrade_tasks: []
fast_forward_upgrade_tasks:
- name: Check if manila_api is deployed


+ 1
- 1
deployment/manila/manila-scheduler-container-puppet.yaml View File

@@ -109,7 +109,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 2
- 2
deployment/manila/manila-share-container-puppet.yaml View File

@@ -164,8 +164,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 2
- 2
deployment/manila/manila-share-pacemaker-puppet.yaml View File

@@ -201,8 +201,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 2
- 2
deployment/messaging/rpc-qdrouterd-container-puppet.yaml View File

@@ -149,6 +149,6 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
metadata_settings: {}

+ 1
- 1
deployment/metrics/collectd-container-puppet.yaml View File

@@ -681,7 +681,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/collectd, 'setype': container_file_t, 'mode': '0750' }
fast_forward_upgrade_tasks:
- when:
- step|int == 0


+ 2
- 2
deployment/metrics/qdr-container-puppet.yaml View File

@@ -315,5 +315,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/metrics-qdr, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/metrics-qdr, 'setype': container_file_t }

+ 1
- 1
deployment/mistral/mistral-api-container-puppet.yaml View File

@@ -249,7 +249,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
deploy_steps_tasks:
- name: Copy in action mapping file
when: step|int == 3


+ 1
- 1
deployment/mistral/mistral-engine-container-puppet.yaml View File

@@ -137,7 +137,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 1
- 1
deployment/mistral/mistral-event-engine-container-puppet.yaml View File

@@ -112,7 +112,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 5
- 5
deployment/mistral/mistral-executor-container-puppet.yaml View File

@@ -218,8 +218,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/mistral, 'setype': container_file_t }
- name: create mistral/.ssh directory
file:
path: /var/lib/mistral/.ssh
@@ -237,18 +237,18 @@ outputs:
src: "{{ undercloud_cfg_file }}"
dest: /var/lib/mistral/undercloud.conf
mode: 0444
setype: svirt_sandbox_file_t
setype: container_file_t
local_follow: true
- name: create ceph-ansible source directory
file:
path: /usr/share/ceph-ansible
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: create octavia-amphora-images directory
file:
path: /usr/share/openstack-octavia-amphora-images
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 2
- 2
deployment/multipathd/multipathd-container.yaml View File

@@ -154,10 +154,10 @@ outputs:
file:
path: /etc/multipath
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- name: ensure /etc/multipath.conf exists
file:
path: /etc/multipath.conf
state: touch
setype: svirt_sandbox_file_t
setype: container_file_t
upgrade_tasks: []

+ 1
- 1
deployment/neutron/neutron-dhcp-container-puppet.yaml View File

@@ -414,7 +414,7 @@ outputs:
file:
path: /var/lib/neutron
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- - name: enable virt_sandbox_use_netlink for healtcheck
seboolean:
name: virt_sandbox_use_netlink


+ 1
- 1
deployment/neutron/neutron-l3-container-puppet.yaml View File

@@ -370,7 +370,7 @@ outputs:
file:
path: /var/lib/neutron
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- - name: enable virt_sandbox_use_netlink for healtcheck
seboolean:
name: virt_sandbox_use_netlink


+ 1
- 1
deployment/neutron/neutron-metadata-container-puppet.yaml View File

@@ -203,7 +203,7 @@ outputs:
file:
path: /var/lib/neutron
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
- - name: enable virt_sandbox_use_netlink for healtcheck
seboolean:
name: virt_sandbox_use_netlink


+ 3
- 3
deployment/nova/nova-compute-container-puppet.yaml View File

@@ -952,9 +952,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova, 'setype': container_file_t }
- { 'path': /var/lib/nova/instances, 'setype': container_file_t }
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
- name: ensure ceph configurations exist
file:
path: /etc/ceph


+ 2
- 2
deployment/nova/nova-ironic-container-puppet.yaml View File

@@ -221,8 +221,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/nova, 'setype': container_file_t }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 7
- 7
deployment/nova/nova-libvirt-container-puppet.yaml View File

@@ -827,14 +827,14 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /etc/libvirt, 'setype': svirt_sandbox_file_t }
- { 'path': /etc/libvirt/secrets, 'setype': svirt_sandbox_file_t }
- { 'path': /etc/libvirt/qemu, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /etc/libvirt, 'setype': container_file_t }
- { 'path': /etc/libvirt/secrets, 'setype': container_file_t }
- { 'path': /etc/libvirt/qemu, 'setype': container_file_t }
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
- { 'path': /var/lib/nova, 'setype': container_file_t }
- { 'path': /var/run/libvirt, 'setype': virt_var_run_t }
- { 'path': /var/log/libvirt, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/libvirt/qemu, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/libvirt, 'setype': container_file_t }
- { 'path': /var/log/libvirt/qemu, 'setype': container_file_t }
# qemu user on host will be cretaed by libvirt package install, ensure
# the qemu user created with same uid/gid as like libvirt package.
# These specific values are required since ovs is running on host.
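Review bot: `/etc/libvirt/secrets` (second entry of the `with_items` list) gets the same generic `container_file_t` label as the log and state directories, and, unlike the log entries in the other templates of this commit, carries no `'mode'` key. With a type shared by every container, keeping the libvirt secrets apart from other containers on the host rests on MCS categories and directory permissions, neither of which this list pins. If the file task honours `item.mode` (the task starts above the hunk, so this cannot be confirmed here), consider `- { 'path': /etc/libvirt/secrets, 'setype': container_file_t, 'mode': '0700' }`. The qemu user handling that the trailing comment introduces continues outside the hunk.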


+ 1
- 1
deployment/nova/novajoin-container-puppet.yaml View File

@@ -246,7 +246,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/novajoin, 'setype': container_file_t, 'mode': '0750' }
- name: Enroll to FreeIPA
command: ipa-client-install -U --password={{ ipa_otp }}
args:
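Review bot: The `Enroll to FreeIPA` task directly after the relabelled list passes the one-time password as `--password={{ ipa_otp }}` on the command line, so the value can appear in task output and logs and is visible in the host's process list while the command runs. The task continues past the end of the hunk, so whether it already sets `no_log: true` cannot be seen from here; if it does not, add `no_log: true` to this task. That at least keeps the rendered command out of the Ansible output.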


+ 3
- 3
deployment/octavia/octavia-api-container-puppet.yaml View File

@@ -350,9 +350,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/run/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/run/octavia, 'setype': container_file_t, 'mode': '0750' }
update_tasks:
- name: Set internal tls variable
set_fact:


+ 1
- 1
deployment/octavia/octavia-health-manager-container-puppet.yaml View File

@@ -155,4 +155,4 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }

+ 1
- 1
deployment/octavia/octavia-housekeeping-container-puppet.yaml View File

@@ -154,5 +154,5 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
upgrade_tasks: []

+ 1
- 1
deployment/octavia/octavia-worker-container-puppet.yaml View File

@@ -141,7 +141,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
- name: Ensure packages required for configuring octavia are present
package:
name:


+ 1
- 1
deployment/openvswitch/openvswitch-dpdk-netcontrold-container-ansible.yaml View File

@@ -78,4 +78,4 @@ outputs:
file:
path: "/var/log/containers/netcontrold"
state: directory
setype: "svirt_sandbox_file_t"
setype: "container_file_t"

+ 2
- 2
deployment/ovn/ovn-controller-container-puppet.yaml View File

@@ -286,8 +286,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 2
- 2
deployment/ovn/ovn-dbs-container-puppet.yaml View File

@@ -202,6 +202,6 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
upgrade_tasks: []

+ 2
- 2
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml View File

@@ -252,8 +252,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
deploy_steps_tasks:
- name: OVN DBS tag container image for pacemaker
when: step|int == 1


+ 1
- 1
deployment/ovn/ovn-metadata-container-puppet.yaml View File

@@ -370,5 +370,5 @@ outputs:
file:
path: /var/lib/neutron
state: directory
setype: svirt_sandbox_file_t
setype: container_file_t
upgrade_tasks: []

+ 2
- 2
deployment/qdr/qdrouterd-container-puppet.yaml View File

@@ -139,6 +139,6 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
metadata_settings: {}

+ 2
- 2
deployment/rabbitmq/rabbitmq-container-puppet.yaml View File

@@ -346,8 +346,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
# TODO: Removal of package
upgrade_tasks: []
update_tasks:


+ 2
- 2
deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml View File

@@ -295,8 +295,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
upgrade_tasks: []
update_tasks:
# TODO: Are we sure we want to support this. Rolling update


+ 2
- 2
deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml View File

@@ -245,8 +245,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
shell: |
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf


+ 2
- 2
deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml View File

@@ -245,8 +245,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
shell: |
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf


+ 2
- 2
deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml View File

@@ -290,8 +290,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
upgrade_tasks: []
update_tasks:
# TODO: Are we sure we want to support this. Rolling update


+ 2
- 2
deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml View File

@@ -253,8 +253,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
shell: |
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf


+ 2
- 2
deployment/sahara/sahara-api-container-puppet.yaml View File

@@ -210,8 +210,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': container_file_t }
fast_forward_upgrade_tasks:
- when:
- step|int == 0


+ 2
- 2
deployment/sahara/sahara-engine-container-puppet.yaml View File

@@ -127,8 +127,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': container_file_t }
- name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink


+ 3
- 3
deployment/swift/swift-proxy-container-puppet.yaml View File

@@ -433,9 +433,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /srv/node, 'setype': container_file_t }
- { 'path': /var/log/swift, 'setype': container_file_t }
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
deploy_steps_tasks:
- name: Configure rsyslog for swift-proxy
when: step|int == 1


+ 3
- 3
deployment/swift/swift-storage-container-puppet.yaml View File

@@ -596,9 +596,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /srv/node, 'setype': container_file_t }
- { 'path': /var/cache/swift, 'setype': container_file_t }
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
- name: Set swift_use_local_disks fact
set_fact:
swift_use_local_disks: {get_param: SwiftUseLocalDir}


+ 3
- 3
deployment/undercloud/tempest-container-puppet.yaml View File

@@ -59,9 +59,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/tempest, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/tempestdata, 'setype': container_file_t }
- { 'path': /var/lib/tempest, 'setype': container_file_t }
puppet_config:
config_volume: ''
step_config: ''


+ 2
- 2
deployment/zaqar/zaqar-container-puppet.yaml View File

@@ -385,7 +385,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/zaqar, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/zaqar, 'setype': container_file_t, 'mode': '0750' }
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]

+ 1
- 1
environments/storage-environment.yaml View File

@@ -50,7 +50,7 @@ parameter_defaults:
## e.g. "'[fdd0::1]:/export/glance'")
# GlanceNfsShare: ''
## Mount options for the NFS image storage mount point
# GlanceNfsOptions: 'intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
# GlanceNfsOptions: 'intr,context=system_u:object_r:container_file_t:s0'


#### NOVA NFS SETTINGS ####


+ 2
- 2
environments/storage/glance-nfs.yaml View File

@@ -19,7 +19,7 @@ parameter_defaults:

# NFS mount options for image storage (when GlanceNfsEnabled is true)
# Type: string
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0

# NFS share to mount for image storage (when GlanceNfsEnabled is true)
# Type: string
@@ -31,7 +31,7 @@ parameter_defaults:

# NFS mount options for NFS image import staging
# Type: string
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0

# NFS share to mount for image import staging
# Type: string
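Review bot: The new defaults for `GlanceNfsOptions` and `GlanceStagingNfsOptions` put `container_file_t` into a `context=` mount option, where the label is checked against the loaded SELinux policy at mount time, so a host whose policy lacks that type would fail the mount rather than fall back. The release note calls the change cosmetic, which holds only where the installed container policy defines `container_file_t` (as far as I know the old name is kept as an alias of it in container-selinux; worth confirming for the supported hosts). I would add a comment above each default, e.g. `# The context type must exist in the host's SELinux policy (container-selinux)`. Operator overrides that still carry `svirt_sandbox_file_t` are not touched by this commit, and the same assumption applies to the `setype` values in the other sections.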


+ 5
- 0
releasenotes/notes/svirt_sandbox_file_t-to-container_file_t-f4914561f6e9e4c7.yaml View File

@@ -0,0 +1,5 @@
---
other:
- Not a functionnal change, only cosmetics. For better understanding and
readability, changing all the svirt_sandbox_file_t to shorter, nicer
container_file_t
