Allow logrotate to access container_file_t files

Since we write logs directly from within containers, logrotate must be able to access them. Change-Id: I2a06cdcda92b2839d74373d6978ef65e7b4dedbd Related-Bug: #1836000
2019-07-10 08:09:10 +02:00 · 2019-07-10 08:09:10 +02:00 · b81bec56f2
parent d61a720177
commit b81bec56f2
1 changed files with 8 additions and 0 deletions
--- a/deployment/logrotate/logrotate-crond-container-puppet.yaml
+++ b/deployment/logrotate/logrotate-crond-container-puppet.yaml
@ -69,6 +69,14 @@ outputs:
        tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
        tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
        tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
+
+      host_prep_tasks:
+        - name: allow logrotate to read inside containers
+          seboolean:
+            name: logrotate_read_inside_containers
+            persistent: yes
+            state: yes
+
      deploy_steps_tasks:
        - name: configure tmpwatch on the host
          when: step|int == 2