Merge "Replace svirt_sandbox_file_t by container_file_t"
This commit is contained in:
Zuul
Gerrit Code Review
commit
b130f78076
|
|
@ -7,13 +7,13 @@
|
||||||
path: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/"
|
path: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
recurse: yes
|
recurse: yes
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
|
|
||||||
- name: "Creating container startup configs for {{ step_path }}"
|
- name: "Creating container startup configs for {{ step_path }}"
|
||||||
copy:
|
copy:
|
||||||
content: "{{ item.value | to_nice_json }}"
|
content: "{{ item.value | to_nice_json }}"
|
||||||
dest: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/{{ item.key }}.json"
|
dest: "/var/lib/tripleo-config/container-startup-config/{{ step_path }}/{{ item.key }}.json"
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
mode: 0600
|
mode: 0600
|
||||||
no_log: true
|
no_log: true
|
||||||
loop: "{{ item.1 | dict2items }}"
|
loop: "{{ item.1 | dict2items }}"
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/tripleo-config
|
path: /var/lib/tripleo-config
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
recurse: true
|
recurse: true
|
||||||
tags:
|
tags:
|
||||||
|
|
@ -49,7 +49,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/tripleo-config/check-mode
|
path: /var/lib/tripleo-config/check-mode
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
recurse: true
|
recurse: true
|
||||||
tags:
|
tags:
|
||||||
|
|
@ -103,7 +103,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/container-puppet
|
path: /var/lib/container-puppet
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
tags:
|
tags:
|
||||||
- container_config
|
- container_config
|
||||||
|
|
@ -124,7 +124,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/container-puppet/check-mode
|
path: /var/lib/container-puppet/check-mode
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
tags:
|
tags:
|
||||||
- container_config
|
- container_config
|
||||||
|
|
@ -171,7 +171,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/container-config-scripts
|
path: /var/lib/container-config-scripts
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
tags:
|
tags:
|
||||||
- container_config_scripts
|
- container_config_scripts
|
||||||
|
|
||||||
|
|
@ -201,7 +201,7 @@
|
||||||
dest: "/var/lib/container-config-scripts/{{ item[0] }}"
|
dest: "/var/lib/container-config-scripts/{{ item[0] }}"
|
||||||
force: yes
|
force: yes
|
||||||
mode: "{{ item[1].mode | default('0600', true) }}"
|
mode: "{{ item[1].mode | default('0600', true) }}"
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
loop: "{{ role_data_container_config_scripts | dictsort }}"
|
loop: "{{ role_data_container_config_scripts | dictsort }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item[0] }}"
|
label: "{{ item[0] }}"
|
||||||
|
|
@ -254,7 +254,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/kolla/config_files
|
path: /var/lib/kolla/config_files
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
recurse: true
|
recurse: true
|
||||||
tags:
|
tags:
|
||||||
|
|
@ -264,7 +264,7 @@
|
||||||
file:
|
file:
|
||||||
path: /var/lib/config-data
|
path: /var/lib/config-data
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
|
|
||||||
- name: Write kolla config json files
|
- name: Write kolla config json files
|
||||||
|
|
@ -274,7 +274,7 @@
|
||||||
dest: "{{ item[0] }}"
|
dest: "{{ item[0] }}"
|
||||||
force: yes
|
force: yes
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}"
|
loop: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml | dictsort }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item[0] }}"
|
label: "{{ item[0] }}"
|
||||||
|
|
@ -318,7 +318,7 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/puppet/check-mode/hieradata
|
path: /etc/puppet/check-mode/hieradata
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
recurse: true
|
recurse: true
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
|
||||||
|
|
@ -615,7 +615,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/tripleo-config/scripts
|
path: /var/lib/tripleo-config/scripts
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
recurse: true
|
recurse: true
|
||||||
|
|
||||||
|
|
@ -1241,7 +1241,7 @@ outputs:
|
||||||
setype: svirt_sandbox_file_t
|
setype: svirt_sandbox_file_t
|
||||||
selevel: s0
|
selevel: s0
|
||||||
- name: ensure we get the right selinux context
|
- name: ensure we get the right selinux context
|
||||||
command: chcon -R -t svirt_sandbox_file_t /var/lib/config-data
|
command: chcon -R -t container_file_t /var/lib/config-data
|
||||||
args:
|
args:
|
||||||
warn: no
|
warn: no
|
||||||
tags:
|
tags:
|
||||||
|
|
@ -1629,7 +1629,7 @@ outputs:
|
||||||
name: Run Fast Forward Upgrade Prep Workarounds for {{role.name}}
|
name: Run Fast Forward Upgrade Prep Workarounds for {{role.name}}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
- name: Create /var/lib/container-puppet
|
- name: Create /var/lib/container-puppet
|
||||||
file: path=/var/lib/container-puppet state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true
|
file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
|
||||||
- name: Write container-puppet.py
|
- name: Write container-puppet.py
|
||||||
no_log: True
|
no_log: True
|
||||||
copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
|
copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
|
||||||
|
|
|
||||||
|
|
@ -246,8 +246,8 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/aodh-api, setype: container_file_t, 'mode': '0750' }
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
|
|
|
||||||
|
|
@ -114,7 +114,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 1
|
- step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -114,7 +114,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 1
|
- step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -114,8 +114,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/aodh, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/aodh, 'setype': container_file_t }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 1
|
- step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -172,7 +172,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 1
|
- step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -119,7 +119,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -137,7 +137,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||||
fast_forward_upgrade_tasks:
|
fast_forward_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 0
|
- step|int == 0
|
||||||
|
|
|
||||||
|
|
@ -124,7 +124,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ceilometer, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -373,8 +373,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when: step|int == 1
|
- when: step|int == 1
|
||||||
block:
|
block:
|
||||||
|
|
|
||||||
|
|
@ -72,8 +72,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/cinder, 'setype': container_file_t }
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -135,7 +135,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/cinder, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -250,8 +250,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
|
||||||
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
|
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
# LP 1810136
|
# LP 1810136
|
||||||
# After upgrade, the new mariadb (e.g. 10.3) might not be able
|
# After upgrade, the new mariadb (e.g. 10.3) might not be able
|
||||||
|
|
|
||||||
|
|
@ -313,9 +313,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
- {'path': /var/log/containers/mysql, 'setype': 'container_file_t', 'mode': '0750'}
|
||||||
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
|
- {'path': /var/lib/mysql, 'setype': 'container_file_t'}
|
||||||
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
|
- {'path': /var/log/mariadb, 'setype': 'container_file_t', 'mode': '0750'}
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [MysqlBase, role_data, metadata_settings]
|
get_attr: [MysqlBase, role_data, metadata_settings]
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
|
|
|
||||||
|
|
@ -169,7 +169,7 @@ outputs:
|
||||||
restart: always
|
restart: always
|
||||||
systemd_exec_flags:
|
systemd_exec_flags:
|
||||||
RuntimeDirectory: redis
|
RuntimeDirectory: redis
|
||||||
ExecStartPre: /bin/chcon -t svirt_sandbox_file_t /var/run/redis
|
ExecStartPre: /bin/chcon -t container_file_t /var/run/redis
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: /openstack/healthcheck
|
test: /openstack/healthcheck
|
||||||
volumes:
|
volumes:
|
||||||
|
|
@ -219,8 +219,8 @@ outputs:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/run/redis, 'setype': container_file_t }
|
||||||
- name: ensure /var/run/redis is present upon reboot
|
- name: ensure /var/run/redis is present upon reboot
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/tmpfiles.d/var-run-redis.conf
|
dest: /etc/tmpfiles.d/var-run-redis.conf
|
||||||
|
|
|
||||||
|
|
@ -289,9 +289,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/redis, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/redis, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/run/redis, 'setype': container_file_t }
|
||||||
- name: ensure /var/run/redis is present upon reboot
|
- name: ensure /var/run/redis is present upon reboot
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/tmpfiles.d/var-run-redis.conf
|
dest: /etc/tmpfiles.d/var-run-redis.conf
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/etcd
|
path: /var/lib/etcd
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
if:
|
if:
|
||||||
|
|
|
||||||
|
|
@ -165,4 +165,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -218,4 +218,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -175,5 +175,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/designate, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -133,4 +133,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -125,4 +125,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -226,9 +226,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/designate, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: create persistent named directory
|
- name: create persistent named directory
|
||||||
file:
|
file:
|
||||||
path: /var/named-persistent
|
path: /var/named-persistent
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ parameters:
|
||||||
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
GlanceNfsOptions:
|
GlanceNfsOptions:
|
||||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
||||||
description: >
|
description: >
|
||||||
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||||
type: string
|
type: string
|
||||||
|
|
@ -175,7 +175,7 @@ parameters:
|
||||||
URI that specifies the staging location to use when importing images
|
URI that specifies the staging location to use when importing images
|
||||||
type: string
|
type: string
|
||||||
GlanceStagingNfsOptions:
|
GlanceStagingNfsOptions:
|
||||||
default: '_netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
default: '_netdev,bg,intr,context=system_u:object_r:container_file_t:s0'
|
||||||
description: >
|
description: >
|
||||||
NFS mount options for NFS image import staging
|
NFS mount options for NFS image import staging
|
||||||
type: string
|
type: string
|
||||||
|
|
@ -621,7 +621,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/glance
|
path: /var/lib/glance
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
|
|
|
||||||
|
|
@ -38,5 +38,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/glance, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/glance, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -358,9 +358,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
|
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': container_file_t }
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -159,12 +159,12 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: create persistent data directory
|
- name: create persistent data directory
|
||||||
file:
|
file:
|
||||||
path: {get_param: GnocchiFileBasePath}
|
path: {get_param: GnocchiFileBasePath}
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -151,12 +151,12 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/gnocchi, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: create persistent data directory
|
- name: create persistent data directory
|
||||||
file:
|
file:
|
||||||
path: {get_param: GnocchiFileBasePath}
|
path: {get_param: GnocchiFileBasePath}
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -365,7 +365,7 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
- {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]}
|
||||||
|
|
|
||||||
|
|
@ -306,8 +306,8 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/haproxy, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/haproxy, 'setype': container_file_t }
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
{get_attr: [HAProxyBase, role_data, metadata_settings]}
|
{get_attr: [HAProxyBase, role_data, metadata_settings]}
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
|
|
|
||||||
|
|
@ -318,9 +318,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/horizon, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/horizon, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/www, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/www, 'setype': container_file_t }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
|
|
|
||||||
|
|
@ -279,8 +279,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
external_upgrade_tasks:
|
external_upgrade_tasks:
|
||||||
- when: step|int == 1
|
- when: step|int == 1
|
||||||
block:
|
block:
|
||||||
|
|
|
||||||
|
|
@ -554,8 +554,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/ironic, 'setype': container_file_t }
|
||||||
- name: stat /httpboot
|
- name: stat /httpboot
|
||||||
stat: path=/httpboot
|
stat: path=/httpboot
|
||||||
register: stat_httpboot
|
register: stat_httpboot
|
||||||
|
|
|
||||||
|
|
@ -491,9 +491,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ironic-inspector, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
|
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
|
||||||
file:
|
file:
|
||||||
path: /var/lib/ironic-inspector/dhcp-hostsdir
|
path: /var/lib/ironic-inspector/dhcp-hostsdir
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
|
|
|
||||||
|
|
@ -166,6 +166,6 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/ironic, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -99,12 +99,12 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /etc/iscsi
|
path: /etc/iscsi
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: ensure /var/lib/iscsi exists
|
- name: ensure /var/lib/iscsi exists
|
||||||
file:
|
file:
|
||||||
path: /var/lib/iscsi
|
path: /var/lib/iscsi
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: stat /lib/systemd/system/iscsid.socket
|
- name: stat /lib/systemd/system/iscsid.socket
|
||||||
stat: path=/lib/systemd/system/iscsid.socket
|
stat: path=/lib/systemd/system/iscsid.socket
|
||||||
register: stat_iscsid_socket
|
register: stat_iscsid_socket
|
||||||
|
|
|
||||||
|
|
@ -149,4 +149,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/keepalived, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -39,5 +39,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/barbican, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -25,5 +25,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -25,5 +25,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/heat-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -40,4 +40,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/heat, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -40,5 +40,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/keystone, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/keystone, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -48,5 +48,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -36,4 +36,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/neutron, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -48,5 +48,5 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/nova-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -68,4 +68,4 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -38,4 +38,4 @@ outputs:
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
state: directory
|
state: directory
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/libvirt, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -37,5 +37,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -37,5 +37,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/placement, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/placement, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -221,10 +221,10 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/log/containers/rsyslog
|
path: /var/log/containers/rsyslog
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
mode: '0750'
|
mode: '0750'
|
||||||
- name: create persistent state directory for rsyslog
|
- name: create persistent state directory for rsyslog
|
||||||
file:
|
file:
|
||||||
path: /var/lib/rsyslog.container
|
path: /var/lib/rsyslog.container
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
|
|
|
||||||
|
|
@ -251,8 +251,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/manila-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
fast_forward_upgrade_tasks:
|
fast_forward_upgrade_tasks:
|
||||||
- name: Check if manila_api is deployed
|
- name: Check if manila_api is deployed
|
||||||
|
|
|
||||||
|
|
@ -109,7 +109,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -164,8 +164,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/manila, 'setype': container_file_t }
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -201,8 +201,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/manila, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/manila, 'setype': container_file_t }
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -149,6 +149,6 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
|
||||||
metadata_settings: {}
|
metadata_settings: {}
|
||||||
|
|
|
||||||
|
|
@ -681,7 +681,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/collectd, 'setype': container_file_t, 'mode': '0750' }
|
||||||
fast_forward_upgrade_tasks:
|
fast_forward_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 0
|
- step|int == 0
|
||||||
|
|
|
||||||
|
|
@ -315,5 +315,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/metrics-qdr, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/metrics-qdr, 'setype': container_file_t }
|
||||||
|
|
|
||||||
|
|
@ -249,7 +249,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- name: Copy in action mapping file
|
- name: Copy in action mapping file
|
||||||
when: step|int == 3
|
when: step|int == 3
|
||||||
|
|
|
||||||
|
|
@ -137,7 +137,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -112,7 +112,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -218,8 +218,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/mistral, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/mistral, 'setype': container_file_t }
|
||||||
- name: create mistral/.ssh directory
|
- name: create mistral/.ssh directory
|
||||||
file:
|
file:
|
||||||
path: /var/lib/mistral/.ssh
|
path: /var/lib/mistral/.ssh
|
||||||
|
|
@ -237,18 +237,18 @@ outputs:
|
||||||
src: "{{ undercloud_cfg_file }}"
|
src: "{{ undercloud_cfg_file }}"
|
||||||
dest: /var/lib/mistral/undercloud.conf
|
dest: /var/lib/mistral/undercloud.conf
|
||||||
mode: 0444
|
mode: 0444
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
local_follow: true
|
local_follow: true
|
||||||
- name: create ceph-ansible source directory
|
- name: create ceph-ansible source directory
|
||||||
file:
|
file:
|
||||||
path: /usr/share/ceph-ansible
|
path: /usr/share/ceph-ansible
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: create octavia-amphora-images directory
|
- name: create octavia-amphora-images directory
|
||||||
file:
|
file:
|
||||||
path: /usr/share/openstack-octavia-amphora-images
|
path: /usr/share/openstack-octavia-amphora-images
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -154,10 +154,10 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /etc/multipath
|
path: /etc/multipath
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- name: ensure /etc/multipath.conf exists
|
- name: ensure /etc/multipath.conf exists
|
||||||
file:
|
file:
|
||||||
path: /etc/multipath.conf
|
path: /etc/multipath.conf
|
||||||
state: touch
|
state: touch
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
|
|
|
||||||
|
|
@ -414,7 +414,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/neutron
|
path: /var/lib/neutron
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -370,7 +370,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/neutron
|
path: /var/lib/neutron
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -203,7 +203,7 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/neutron
|
path: /var/lib/neutron
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
- - name: enable virt_sandbox_use_netlink for healtcheck
|
- - name: enable virt_sandbox_use_netlink for healtcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -952,9 +952,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/nova/instances, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/nova/instances, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
|
||||||
- name: ensure ceph configurations exist
|
- name: ensure ceph configurations exist
|
||||||
file:
|
file:
|
||||||
path: /etc/ceph
|
path: /etc/ceph
|
||||||
|
|
|
||||||
|
|
@ -221,8 +221,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -827,14 +827,14 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /etc/libvirt, 'setype': svirt_sandbox_file_t }
|
- { 'path': /etc/libvirt, 'setype': container_file_t }
|
||||||
- { 'path': /etc/libvirt/secrets, 'setype': svirt_sandbox_file_t }
|
- { 'path': /etc/libvirt/secrets, 'setype': container_file_t }
|
||||||
- { 'path': /etc/libvirt/qemu, 'setype': svirt_sandbox_file_t }
|
- { 'path': /etc/libvirt/qemu, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/libvirt, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/libvirt, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/nova, 'setype': container_file_t }
|
||||||
- { 'path': /var/run/libvirt, 'setype': virt_var_run_t }
|
- { 'path': /var/run/libvirt, 'setype': virt_var_run_t }
|
||||||
- { 'path': /var/log/libvirt, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/libvirt, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/libvirt/qemu, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/libvirt/qemu, 'setype': container_file_t }
|
||||||
# qemu user on host will be cretaed by libvirt package install, ensure
|
# qemu user on host will be cretaed by libvirt package install, ensure
|
||||||
# the qemu user created with same uid/gid as like libvirt package.
|
# the qemu user created with same uid/gid as like libvirt package.
|
||||||
# These specific values are required since ovs is running on host.
|
# These specific values are required since ovs is running on host.
|
||||||
|
|
|
||||||
|
|
@ -246,7 +246,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/novajoin, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: Enroll to FreeIPA
|
- name: Enroll to FreeIPA
|
||||||
command: ipa-client-install -U --password={{ ipa_otp }}
|
command: ipa-client-install -U --password={{ ipa_otp }}
|
||||||
args:
|
args:
|
||||||
|
|
|
||||||
|
|
@ -350,9 +350,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/run/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/run/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||||
update_tasks:
|
update_tasks:
|
||||||
- name: Set internal tls variable
|
- name: Set internal tls variable
|
||||||
set_fact:
|
set_fact:
|
||||||
|
|
|
||||||
|
|
@ -155,4 +155,4 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||||
|
|
|
||||||
|
|
@ -154,5 +154,5 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
|
|
|
||||||
|
|
@ -141,7 +141,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: Ensure packages required for configuring octavia are present
|
- name: Ensure packages required for configuring octavia are present
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
|
|
|
||||||
|
|
@ -78,4 +78,4 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: "/var/log/containers/netcontrold"
|
path: "/var/log/containers/netcontrold"
|
||||||
state: directory
|
state: directory
|
||||||
setype: "svirt_sandbox_file_t"
|
setype: "container_file_t"
|
||||||
|
|
|
||||||
|
|
@ -286,8 +286,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -202,6 +202,6 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
|
|
|
||||||
|
|
@ -252,8 +252,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- name: OVN DBS tag container image for pacemaker
|
- name: OVN DBS tag container image for pacemaker
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -370,5 +370,5 @@ outputs:
|
||||||
file:
|
file:
|
||||||
path: /var/lib/neutron
|
path: /var/lib/neutron
|
||||||
state: directory
|
state: directory
|
||||||
setype: svirt_sandbox_file_t
|
setype: container_file_t
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
|
|
|
||||||
|
|
@ -139,6 +139,6 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/qdrouterd, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/qdrouterd, 'setype': container_file_t }
|
||||||
metadata_settings: {}
|
metadata_settings: {}
|
||||||
|
|
|
||||||
|
|
@ -346,8 +346,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
# TODO: Removal of package
|
# TODO: Removal of package
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
update_tasks:
|
update_tasks:
|
||||||
|
|
|
||||||
|
|
@ -295,8 +295,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
update_tasks:
|
update_tasks:
|
||||||
# TODO: Are we sure we want to support this. Rolling update
|
# TODO: Are we sure we want to support this. Rolling update
|
||||||
|
|
|
||||||
|
|
@ -245,8 +245,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||||
shell: |
|
shell: |
|
||||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||||
|
|
|
||||||
|
|
@ -245,8 +245,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||||
shell: |
|
shell: |
|
||||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||||
|
|
|
||||||
|
|
@ -290,8 +290,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
update_tasks:
|
update_tasks:
|
||||||
# TODO: Are we sure we want to support this. Rolling update
|
# TODO: Are we sure we want to support this. Rolling update
|
||||||
|
|
|
||||||
|
|
@ -253,8 +253,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/rabbitmq, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/rabbitmq, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
- name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container
|
||||||
shell: |
|
shell: |
|
||||||
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
|
||||||
|
|
|
||||||
|
|
@ -210,8 +210,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/sahara, 'setype': container_file_t }
|
||||||
fast_forward_upgrade_tasks:
|
fast_forward_upgrade_tasks:
|
||||||
- when:
|
- when:
|
||||||
- step|int == 0
|
- step|int == 0
|
||||||
|
|
|
||||||
|
|
@ -127,8 +127,8 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/sahara, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/sahara, 'setype': container_file_t }
|
||||||
- name: enable virt_sandbox_use_netlink for healthcheck
|
- name: enable virt_sandbox_use_netlink for healthcheck
|
||||||
seboolean:
|
seboolean:
|
||||||
name: virt_sandbox_use_netlink
|
name: virt_sandbox_use_netlink
|
||||||
|
|
|
||||||
|
|
@ -433,9 +433,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
|
- { 'path': /srv/node, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/log/swift, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- name: Configure rsyslog for swift-proxy
|
- name: Configure rsyslog for swift-proxy
|
||||||
when: step|int == 1
|
when: step|int == 1
|
||||||
|
|
|
||||||
|
|
@ -596,9 +596,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
|
- { 'path': /srv/node, 'setype': container_file_t }
|
||||||
- { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/cache/swift, 'setype': container_file_t }
|
||||||
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/swift, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- name: Set swift_use_local_disks fact
|
- name: Set swift_use_local_disks fact
|
||||||
set_fact:
|
set_fact:
|
||||||
swift_use_local_disks: {get_param: SwiftUseLocalDir}
|
swift_use_local_disks: {get_param: SwiftUseLocalDir}
|
||||||
|
|
|
||||||
|
|
@ -59,9 +59,9 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/tempest, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/tempestdata, 'setype': container_file_t }
|
||||||
- { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t }
|
- { 'path': /var/lib/tempest, 'setype': container_file_t }
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: ''
|
config_volume: ''
|
||||||
step_config: ''
|
step_config: ''
|
||||||
|
|
|
||||||
|
|
@ -385,7 +385,7 @@ outputs:
|
||||||
state: directory
|
state: directory
|
||||||
setype: "{{ item.setype }}"
|
setype: "{{ item.setype }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/zaqar, 'setype': container_file_t, 'mode': '0750' }
|
||||||
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
|
- { 'path': /var/log/containers/httpd/zaqar, 'setype': container_file_t, 'mode': '0750' }
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
get_attr: [ApacheServiceBase, role_data, metadata_settings]
|
||||||
|
|
|
||||||
|
|
@ -50,7 +50,7 @@ parameter_defaults:
|
||||||
## e.g. "'[fdd0::1]:/export/glance'")
|
## e.g. "'[fdd0::1]:/export/glance'")
|
||||||
# GlanceNfsShare: ''
|
# GlanceNfsShare: ''
|
||||||
## Mount options for the NFS image storage mount point
|
## Mount options for the NFS image storage mount point
|
||||||
# GlanceNfsOptions: 'intr,context=system_u:object_r:svirt_sandbox_file_t:s0'
|
# GlanceNfsOptions: 'intr,context=system_u:object_r:container_file_t:s0'
|
||||||
|
|
||||||
|
|
||||||
#### NOVA NFS SETTINGS ####
|
#### NOVA NFS SETTINGS ####
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ parameter_defaults:
|
||||||
|
|
||||||
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
# NFS mount options for image storage (when GlanceNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
GlanceNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0
|
||||||
|
|
||||||
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
# NFS share to mount for image storage (when GlanceNfsEnabled is true)
|
||||||
# Type: string
|
# Type: string
|
||||||
|
|
@ -31,7 +31,7 @@ parameter_defaults:
|
||||||
|
|
||||||
# NFS mount options for NFS image import staging
|
# NFS mount options for NFS image import staging
|
||||||
# Type: string
|
# Type: string
|
||||||
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:svirt_sandbox_file_t:s0
|
GlanceStagingNfsOptions: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0
|
||||||
|
|
||||||
# NFS share to mount for image import staging
|
# NFS share to mount for image import staging
|
||||||
# Type: string
|
# Type: string
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
other:
|
||||||
|
- Not a functionnal change, only cosmetics. For better understanding and
|
||||||
|
readability, changing all the svirt_sandbox_file_t to shorter, nicer
|
||||||
|
container_file_t
|
||||||
Loading…
Reference in New Issue