From e7351d44c71c007310db5e6481fce6b0b7bb44dc Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Mon, 4 Nov 2019 08:48:24 -0700 Subject: [PATCH] [train-squash] Backport legacy log folder and readme cleanups These 3 backports will save a bit of time during train deployments. Ensure service log folder permissions We should ensure that the service folders are 0750. We're setting /var/log/containers but we should also ensure the service folders also have the correct permissions. Change-Id: I28e8017edc7e30a60288adf846da722fd6ab310e (cherry picked from commit f2147c9974c5e4d9fec91e87a2a42a7c0b8c9d5d) Drop legacy log folder and readme We switched to containers a long time ago. This patch drops the management of a /var/log/ directory and the creation of a readme indicating that we've moved to containers which makes the logging available under /var/log/containers/ Change-Id: Ia4e991d5d937031ac3312f639b726a944743dd1e (cherry picked from commit 7906fb43be72a150b5d10e0e18b21b568895b6e0) Readd creation of /var/log/mariadb directory https://review.opendev.org/#/c/692850/ cleaned up the legacy directories, but since then rhel8 jobs fails while starting galera containers with error of missing directory /var/log/mariadb, this patch adds it again. Closes-Bug: #1851847 Change-Id: Iea081ecb3fc021fc796c93631ed6f663fd9580db (cherry picked from commit 189d9b9211a65857cfd9191a00e9d86894af8293) --- deployment/aodh/aodh-api-container-puppet.yaml | 12 ++---------- .../aodh/aodh-evaluator-container-puppet.yaml | 10 +--------- .../aodh/aodh-listener-container-puppet.yaml | 10 +--------- .../aodh/aodh-notifier-container-puppet.yaml | 9 +-------- .../ceilometer-agent-central-container-puppet.yaml | 10 +--------- .../ceilometer-agent-compute-container-puppet.yaml | 10 +--------- .../ceilometer-agent-ipmi-container-puppet.yaml | 10 +--------- ...ometer-agent-notification-container-puppet.yaml | 10 +--------- deployment/cinder/cinder-api-container-puppet.yaml | 12 ++---------- .../cinder/cinder-common-container-puppet.yaml | 10 +--------- .../cinder/cinder-scheduler-container-puppet.yaml | 10 +--------- deployment/database/mysql-container-puppet.yaml | 10 +--------- deployment/database/mysql-pacemaker-puppet.yaml | 11 ++--------- deployment/database/redis-container-puppet.yaml | 10 +--------- deployment/database/redis-pacemaker-puppet.yaml | 10 +--------- .../designate/designate-api-container-puppet.yaml | 10 +--------- .../designate-central-container-puppet.yaml | 10 +--------- .../designate/designate-mdns-container-puppet.yaml | 9 +-------- .../designate-producer-container-puppet.yaml | 10 +--------- .../designate/designate-sink-container-puppet.yaml | 10 +--------- .../designate-worker-container-puppet.yaml | 10 +--------- .../glance/glance-api-logging-file-container.yaml | 10 +--------- .../gnocchi/gnocchi-api-container-puppet.yaml | 12 ++---------- .../gnocchi/gnocchi-metricd-container-puppet.yaml | 10 +--------- .../gnocchi/gnocchi-statsd-container-puppet.yaml | 10 +--------- deployment/haproxy/haproxy-container-puppet.yaml | 10 +--------- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 9 +-------- deployment/horizon/horizon-container-puppet.yaml | 12 ++---------- deployment/ironic/ironic-api-container-puppet.yaml | 12 ++---------- .../ironic/ironic-conductor-container-puppet.yaml | 10 +--------- .../ironic/ironic-inspector-container-puppet.yaml | 10 +--------- deployment/ironic/ironic-pxe-container-puppet.yaml | 12 ++---------- .../keepalived/keepalived-container-puppet.yaml | 10 +--------- deployment/logging/files/barbican-api.yaml | 12 ++---------- deployment/logging/files/heat-api-cfn.yaml | 12 ++---------- deployment/logging/files/heat-api.yaml | 12 ++---------- deployment/logging/files/heat-engine.yaml | 10 +--------- deployment/logging/files/keystone.yaml | 12 ++---------- deployment/logging/files/neutron-api.yaml | 12 ++---------- deployment/logging/files/neutron-common.yaml | 10 +--------- deployment/logging/files/nova-api.yaml | 12 ++---------- deployment/logging/files/nova-common.yaml | 10 +--------- deployment/logging/files/nova-libvirt.yaml | 9 +-------- deployment/logging/files/nova-metadata.yaml | 12 ++---------- deployment/logging/files/placement-api.yaml | 12 ++---------- deployment/logging/rsyslog-container-puppet.yaml | 9 +-------- deployment/manila/manila-api-container-puppet.yaml | 12 ++---------- .../manila/manila-scheduler-container-puppet.yaml | 10 +--------- .../manila/manila-share-container-puppet.yaml | 10 +--------- .../manila/manila-share-pacemaker-puppet.yaml | 10 +--------- .../memcached/memcached-container-puppet.yaml | 14 -------------- .../messaging/rpc-qdrouterd-container-puppet.yaml | 2 +- deployment/metrics/collectd-container-puppet.yaml | 10 +--------- deployment/metrics/qdr-container-puppet.yaml | 9 +-------- .../mistral/mistral-api-container-puppet.yaml | 10 +--------- .../mistral/mistral-engine-container-puppet.yaml | 10 +--------- .../mistral-event-engine-container-puppet.yaml | 10 +--------- .../mistral/mistral-executor-container-puppet.yaml | 10 +--------- deployment/nova/nova-ironic-container-puppet.yaml | 10 +--------- deployment/nova/novajoin-container-puppet.yaml | 10 +--------- .../octavia/octavia-api-container-puppet.yaml | 12 ++---------- .../octavia-health-manager-container-puppet.yaml | 10 +--------- .../octavia-housekeeping-container-puppet.yaml | 10 +--------- .../octavia/octavia-worker-container-puppet.yaml | 10 +--------- .../ovn/ovn-controller-container-puppet.yaml | 10 +--------- deployment/ovn/ovn-dbs-container-puppet.yaml | 10 +--------- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 10 +--------- deployment/qdr/qdrouterd-container-puppet.yaml | 10 +--------- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 10 +--------- ...rabbitmq-messaging-notify-container-puppet.yaml | 10 +--------- ...rabbitmq-messaging-notify-pacemaker-puppet.yaml | 10 +--------- .../rabbitmq-messaging-pacemaker-puppet.yaml | 10 +--------- .../rabbitmq-messaging-rpc-container-puppet.yaml | 10 +--------- .../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 10 +--------- deployment/sahara/sahara-api-container-puppet.yaml | 10 +--------- .../sahara/sahara-engine-container-puppet.yaml | 10 +--------- deployment/swift/swift-proxy-container-puppet.yaml | 2 +- .../swift/swift-storage-container-puppet.yaml | 11 +---------- .../undercloud/tempest-container-puppet.yaml | 10 +--------- deployment/zaqar/zaqar-container-puppet.yaml | 12 ++---------- 80 files changed, 97 insertions(+), 721 deletions(-) diff --git a/deployment/aodh/aodh-api-container-puppet.yaml b/deployment/aodh/aodh-api-container-puppet.yaml index 3a584e4348..8675842114 100644 --- a/deployment/aodh/aodh-api-container-puppet.yaml +++ b/deployment/aodh/aodh-api-container-puppet.yaml @@ -221,16 +221,8 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t } - - { 'path': /var/log/aodh, setype: svirt_sandbox_file_t } - - name: aodh logs readme - copy: - dest: /var/log/aodh/readme.txt - content: | - Log files from aodh containers can be found under - /var/log/containers/aodh and /var/log/containers/httpd/aodh-api. - ignore_errors: true + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' } metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] external_upgrade_tasks: diff --git a/deployment/aodh/aodh-evaluator-container-puppet.yaml b/deployment/aodh/aodh-evaluator-container-puppet.yaml index f4cb753908..592b4d5d55 100644 --- a/deployment/aodh/aodh-evaluator-container-puppet.yaml +++ b/deployment/aodh/aodh-evaluator-container-puppet.yaml @@ -114,15 +114,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - - name: aodh logs readme - copy: - dest: /var/log/aodh/readme.txt - content: | - Log files from aodh containers can be found under - /var/log/containers/aodh and /var/log/containers/httpd/aodh-api. - ignore_errors: true + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/aodh/aodh-listener-container-puppet.yaml b/deployment/aodh/aodh-listener-container-puppet.yaml index c93fa25575..9d71fa6330 100644 --- a/deployment/aodh/aodh-listener-container-puppet.yaml +++ b/deployment/aodh/aodh-listener-container-puppet.yaml @@ -114,15 +114,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - - name: aodh logs readme - copy: - dest: /var/log/aodh/readme.txt - content: | - Log files from aodh containers can be found under - /var/log/containers/aodh and /var/log/containers/httpd/aodh-api. - ignore_errors: true + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/aodh/aodh-notifier-container-puppet.yaml b/deployment/aodh/aodh-notifier-container-puppet.yaml index b88b87ea5d..077983d6b6 100644 --- a/deployment/aodh/aodh-notifier-container-puppet.yaml +++ b/deployment/aodh/aodh-notifier-container-puppet.yaml @@ -114,15 +114,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - - name: aodh logs readme - copy: - dest: /var/log/aodh/readme.txt - content: | - Log files from aodh containers can be found under - /var/log/containers/aodh and /var/log/containers/httpd/aodh-api. - ignore_errors: true external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml index 822caf7eed..045a1f0977 100644 --- a/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml @@ -161,15 +161,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } - - name: ceilometer logs readme - copy: - dest: /var/log/ceilometer/readme.txt - content: | - Log files from ceilometer containers can be found under - /var/log/containers/ceilometer. - ignore_errors: true + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml index a03902dc25..63230ef118 100644 --- a/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml @@ -119,15 +119,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - - name: ceilometer logs readme - copy: - dest: /var/log/ceilometer/readme.txt - content: | - Log files from ceilometer containers can be found under - /var/log/containers/ceilometer. - ignore_errors: true + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml index 56282c4819..b910814266 100644 --- a/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml @@ -137,15 +137,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - - name: ceilometer logs readme - copy: - dest: /var/log/ceilometer/readme.txt - content: | - Log files from ceilometer containers can be found under - /var/log/containers/ceilometer. - ignore_errors: true + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } fast_forward_upgrade_tasks: - when: - step|int == 0 diff --git a/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml index bebfeb17fb..648ed8acfc 100644 --- a/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml @@ -143,15 +143,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - - name: ceilometer logs readme - copy: - dest: /var/log/ceilometer/readme.txt - content: | - Log files from ceilometer containers can be found under - /var/log/containers/ceilometer. - ignore_errors: true + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml index 17e9880913..b01d581942 100644 --- a/deployment/cinder/cinder-api-container-puppet.yaml +++ b/deployment/cinder/cinder-api-container-puppet.yaml @@ -341,16 +341,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - - name: cinder logs readme - copy: - dest: /var/log/cinder/readme.txt - content: | - Log files from cinder containers can be found under - /var/log/containers/cinder and /var/log/containers/httpd/cinder-api. - ignore_errors: true + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } external_upgrade_tasks: - when: step|int == 1 block: diff --git a/deployment/cinder/cinder-common-container-puppet.yaml b/deployment/cinder/cinder-common-container-puppet.yaml index 58d4dc7cd0..b674538813 100644 --- a/deployment/cinder/cinder-common-container-puppet.yaml +++ b/deployment/cinder/cinder-common-container-puppet.yaml @@ -72,16 +72,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - - name: cinder logs readme - copy: - dest: /var/log/cinder/readme.txt - content: | - Log files from cinder containers can be found under - /var/log/containers/cinder and /var/log/containers/httpd/cinder-api. - ignore_errors: true - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/deployment/cinder/cinder-scheduler-container-puppet.yaml b/deployment/cinder/cinder-scheduler-container-puppet.yaml index abdbfc8939..82ccb3a946 100644 --- a/deployment/cinder/cinder-scheduler-container-puppet.yaml +++ b/deployment/cinder/cinder-scheduler-container-puppet.yaml @@ -135,15 +135,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - - name: cinder logs readme - copy: - dest: /var/log/cinder/readme.txt - content: | - Log files from cinder containers can be found under - /var/log/containers/cinder and /var/log/containers/httpd/cinder-api. - ignore_errors: true + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/database/mysql-container-puppet.yaml b/deployment/database/mysql-container-puppet.yaml index b20e93a3fe..2d2914942c 100644 --- a/deployment/database/mysql-container-puppet.yaml +++ b/deployment/database/mysql-container-puppet.yaml @@ -241,16 +241,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'} - - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'} - - name: mysql logs readme - copy: - dest: /var/log/mariadb/readme.txt - content: | - Log files from mysql containers can be found under - /var/log/containers/mysql. - ignore_errors: true upgrade_tasks: # LP 1810136 # After upgrade, the new mariadb (e.g. 10.3) might not be able diff --git a/deployment/database/mysql-pacemaker-puppet.yaml b/deployment/database/mysql-pacemaker-puppet.yaml index 4368741d7d..396ec76618 100644 --- a/deployment/database/mysql-pacemaker-puppet.yaml +++ b/deployment/database/mysql-pacemaker-puppet.yaml @@ -313,16 +313,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'} - - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'} - - name: mysql logs readme - copy: - dest: /var/log/mariadb/readme.txt - content: | - Log files from mysql containers can be found under - /var/log/containers/mysql. - ignore_errors: true + - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} metadata_settings: get_attr: [MysqlBase, role_data, metadata_settings] deploy_steps_tasks: diff --git a/deployment/database/redis-container-puppet.yaml b/deployment/database/redis-container-puppet.yaml index 1978bd79c1..479c172490 100644 --- a/deployment/database/redis-container-puppet.yaml +++ b/deployment/database/redis-container-puppet.yaml @@ -219,21 +219,13 @@ outputs: path: "{{ item.path }}" state: directory with_items: - - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t } - name: ensure /var/run/redis is present upon reboot copy: dest: /etc/tmpfiles.d/var-run-redis.conf content: | d /var/run/redis 0755 root root - - - - name: redis logs readme - copy: - dest: /var/log/redis/readme.txt - content: | - Log files from redis containers can be found under - /var/log/containers/redis. - ignore_errors: true update_tasks: - name: Ensure redis is uninstalled on container host when: step|int == 1 diff --git a/deployment/database/redis-pacemaker-puppet.yaml b/deployment/database/redis-pacemaker-puppet.yaml index 3f82ae653f..f73667298f 100644 --- a/deployment/database/redis-pacemaker-puppet.yaml +++ b/deployment/database/redis-pacemaker-puppet.yaml @@ -290,21 +290,13 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t } - name: ensure /var/run/redis is present upon reboot copy: dest: /etc/tmpfiles.d/var-run-redis.conf content: | d /var/run/redis 0755 root root - - - - name: redis logs readme - copy: - dest: /var/log/redis/readme.txt - content: | - Log files from redis containers can be found under - /var/log/containers/redis. - ignore_errors: true deploy_steps_tasks: - name: Redis tag container image for pacemaker when: step|int == 1 diff --git a/deployment/experimental/designate/designate-api-container-puppet.yaml b/deployment/experimental/designate/designate-api-container-puppet.yaml index b7ae80a963..7e2ce04a62 100644 --- a/deployment/experimental/designate/designate-api-container-puppet.yaml +++ b/deployment/experimental/designate/designate-api-container-puppet.yaml @@ -160,12 +160,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/experimental/designate/designate-central-container-puppet.yaml b/deployment/experimental/designate/designate-central-container-puppet.yaml index 9b5e151bde..e7a951a9bf 100644 --- a/deployment/experimental/designate/designate-central-container-puppet.yaml +++ b/deployment/experimental/designate/designate-central-container-puppet.yaml @@ -194,12 +194,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/experimental/designate/designate-mdns-container-puppet.yaml b/deployment/experimental/designate/designate-mdns-container-puppet.yaml index f6e248ebe2..2b55a70d6d 100644 --- a/deployment/experimental/designate/designate-mdns-container-puppet.yaml +++ b/deployment/experimental/designate/designate-mdns-container-puppet.yaml @@ -161,11 +161,4 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/experimental/designate/designate-producer-container-puppet.yaml b/deployment/experimental/designate/designate-producer-container-puppet.yaml index 0655363b1f..3e32e4f61f 100644 --- a/deployment/experimental/designate/designate-producer-container-puppet.yaml +++ b/deployment/experimental/designate/designate-producer-container-puppet.yaml @@ -133,12 +133,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/experimental/designate/designate-sink-container-puppet.yaml b/deployment/experimental/designate/designate-sink-container-puppet.yaml index 0bd1994d81..7981909922 100644 --- a/deployment/experimental/designate/designate-sink-container-puppet.yaml +++ b/deployment/experimental/designate/designate-sink-container-puppet.yaml @@ -125,12 +125,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/experimental/designate/designate-worker-container-puppet.yaml b/deployment/experimental/designate/designate-worker-container-puppet.yaml index d39987e710..4d1907a7d3 100644 --- a/deployment/experimental/designate/designate-worker-container-puppet.yaml +++ b/deployment/experimental/designate/designate-worker-container-puppet.yaml @@ -226,15 +226,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } - - name: designate logs readme - copy: - dest: /var/log/designate/readme.txt - content: | - Log files from designate containers can be found under - /var/log/containers/designate. - ignore_errors: true + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: create persistent named directory file: path: /var/named-persistent diff --git a/deployment/glance/glance-api-logging-file-container.yaml b/deployment/glance/glance-api-logging-file-container.yaml index c0016b168d..b8a1dd2aaf 100644 --- a/deployment/glance/glance-api-logging-file-container.yaml +++ b/deployment/glance/glance-api-logging-file-container.yaml @@ -38,13 +38,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/glance, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/containers/httpd/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - - name: glance logs readme - copy: - dest: /var/log/glance/readme.txt - content: | - Log files from glance containers can be found under - /var/log/containers/glance. - ignore_errors: true diff --git a/deployment/gnocchi/gnocchi-api-container-puppet.yaml b/deployment/gnocchi/gnocchi-api-container-puppet.yaml index d06cfcdadd..00a0d75367 100644 --- a/deployment/gnocchi/gnocchi-api-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-api-container-puppet.yaml @@ -349,17 +349,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - - name: gnocchi logs readme - copy: - dest: /var/log/gnocchi/readme.txt - content: | - Log files from gnocchi containers can be found under - /var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api. - ignore_errors: true - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml b/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml index f7deeae7f4..8fd18026f3 100644 --- a/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml @@ -159,15 +159,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - - name: gnocchi logs readme - copy: - dest: /var/log/gnocchi/readme.txt - content: | - Log files from gnocchi containers can be found under - /var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api. - ignore_errors: true + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: create persistent data directory file: path: {get_param: GnocchiFileBasePath} diff --git a/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml b/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml index 6bf8abd1f0..16f1034372 100644 --- a/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml @@ -153,15 +153,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - - name: gnocchi logs readme - copy: - dest: /var/log/gnocchi/readme.txt - content: | - Log files from gnocchi containers can be found under - /var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api. - ignore_errors: true + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: create persistent data directory file: path: {get_param: GnocchiFileBasePath} diff --git a/deployment/haproxy/haproxy-container-puppet.yaml b/deployment/haproxy/haproxy-container-puppet.yaml index e89a938066..8f77dbd77b 100644 --- a/deployment/haproxy/haproxy-container-puppet.yaml +++ b/deployment/haproxy/haproxy-container-puppet.yaml @@ -364,16 +364,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } - - name: haproxy logs readme - copy: - dest: /var/log/haproxy/readme.txt - content: | - Log files from the haproxy containers can be found under - /var/log/containers/haproxy. - ignore_errors: true metadata_settings: list_concat: - {get_attr: [HAProxyPublicTLS, role_data, metadata_settings]} diff --git a/deployment/haproxy/haproxy-pacemaker-puppet.yaml b/deployment/haproxy/haproxy-pacemaker-puppet.yaml index ff19917c4a..82c50ce010 100644 --- a/deployment/haproxy/haproxy-pacemaker-puppet.yaml +++ b/deployment/haproxy/haproxy-pacemaker-puppet.yaml @@ -299,20 +299,13 @@ outputs: TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} host_prep_tasks: - {get_attr: [HAProxyBase, role_data, host_prep_tasks]} - - name: haproxy logs readme - copy: - dest: /var/log/haproxy/readme.txt - content: | - Log files from the haproxy containers can be found under - /var/log/containers/haproxy. - ignore_errors: true - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } metadata_settings: diff --git a/deployment/horizon/horizon-container-puppet.yaml b/deployment/horizon/horizon-container-puppet.yaml index bb6d25aedb..5b3f12aef5 100644 --- a/deployment/horizon/horizon-container-puppet.yaml +++ b/deployment/horizon/horizon-container-puppet.yaml @@ -321,17 +321,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/www, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/horizon, 'setype': svirt_sandbox_file_t } - - name: horizon logs readme - copy: - dest: /var/log/horizon/readme.txt - content: | - Log files from horizon containers can be found under - /var/log/containers/horizon and /var/log/containers/httpd/horizon. - ignore_errors: true upgrade_tasks: [] external_upgrade_tasks: - when: diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml index 8aab4fffd4..a5c427c806 100644 --- a/deployment/ironic/ironic-api-container-puppet.yaml +++ b/deployment/ironic/ironic-api-container-puppet.yaml @@ -268,16 +268,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - - name: ironic logs readme - copy: - dest: /var/log/ironic/readme.txt - content: | - Log files from ironic containers can be found under - /var/log/containers/ironic and /var/log/containers/httpd/ironic-*. - ignore_errors: true + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } external_upgrade_tasks: - when: step|int == 1 block: diff --git a/deployment/ironic/ironic-conductor-container-puppet.yaml b/deployment/ironic/ironic-conductor-container-puppet.yaml index d4d4ac9a88..b9152da4f1 100644 --- a/deployment/ironic/ironic-conductor-container-puppet.yaml +++ b/deployment/ironic/ironic-conductor-container-puppet.yaml @@ -554,16 +554,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - - name: ironic logs readme - copy: - dest: /var/log/ironic/readme.txt - content: | - Log files from ironic containers can be found under - /var/log/containers/ironic and /var/log/containers/httpd/ironic-*. - ignore_errors: true - name: stat /httpboot stat: path=/httpboot register: stat_httpboot diff --git a/deployment/ironic/ironic-inspector-container-puppet.yaml b/deployment/ironic/ironic-inspector-container-puppet.yaml index dbbe6b7b86..84fee9ebed 100644 --- a/deployment/ironic/ironic-inspector-container-puppet.yaml +++ b/deployment/ironic/ironic-inspector-container-puppet.yaml @@ -463,15 +463,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ironic-inspector, 'setype': svirt_sandbox_file_t } - - name: ironic-inspector logs readme - copy: - dest: /var/log/ironic-inspector/readme.txt - content: | - Log files from ironic-inspector container can be found under - /var/log/containers/ironic-inspector. - ignore_errors: true + - { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: create persistent ironic-inspector dnsmasq dhcp hostsdir file: path: /var/lib/ironic-inspector/dhcp-hostsdir diff --git a/deployment/ironic/ironic-pxe-container-puppet.yaml b/deployment/ironic/ironic-pxe-container-puppet.yaml index 4fe7ab6b1b..850ab8bc48 100644 --- a/deployment/ironic/ironic-pxe-container-puppet.yaml +++ b/deployment/ironic/ironic-pxe-container-puppet.yaml @@ -154,13 +154,5 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - - name: ironic logs readme - copy: - dest: /var/log/ironic/readme.txt - content: | - Log files from ironic containers can be found under - /var/log/containers/ironic and /var/log/containers/httpd/ironic-*. - ignore_errors: true + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/keepalived/keepalived-container-puppet.yaml b/deployment/keepalived/keepalived-container-puppet.yaml index 1bdaa786d7..38322d1654 100644 --- a/deployment/keepalived/keepalived-container-puppet.yaml +++ b/deployment/keepalived/keepalived-container-puppet.yaml @@ -149,12 +149,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/keepalived, 'setype': svirt_sandbox_file_t } - - name: keepalived logs readme - copy: - dest: /var/log/keepalived/readme.txt - content: | - Log files from keepalived containers can be found under - /var/log/containers/keepalived. - ignore_errors: true + - { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/barbican-api.yaml b/deployment/logging/files/barbican-api.yaml index 55cb3b91ff..4d49694cd4 100644 --- a/deployment/logging/files/barbican-api.yaml +++ b/deployment/logging/files/barbican-api.yaml @@ -39,13 +39,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/barbican, 'setype': var_log_t } - - name: barbican logs readme - copy: - dest: /var/log/barbican/readme.txt - content: | - Log files from barbican containers can be found under - /var/log/containers/barbican. - ignore_errors: true + - { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/heat-api-cfn.yaml b/deployment/logging/files/heat-api-cfn.yaml index 010f751617..cbd36c8183 100644 --- a/deployment/logging/files/heat-api-cfn.yaml +++ b/deployment/logging/files/heat-api-cfn.yaml @@ -25,13 +25,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/heat, 'setype': var_log_t } - - name: heat logs readme - copy: - dest: /var/log/heat/readme.txt - content: | - Log files from heat containers can be found under - /var/log/containers/heat and /var/log/containers/httpd/heat-api*. - ignore_errors: true + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/heat-api.yaml b/deployment/logging/files/heat-api.yaml index 463b862fff..82258212c4 100644 --- a/deployment/logging/files/heat-api.yaml +++ b/deployment/logging/files/heat-api.yaml @@ -25,13 +25,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/heat, 'setype': var_log_t } - - name: heat logs readme - copy: - dest: /var/log/heat/readme.txt - content: | - Log files from heat containers can be found under - /var/log/containers/heat and /var/log/containers/httpd/heat-api*. - ignore_errors: true + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/heat-engine.yaml b/deployment/logging/files/heat-engine.yaml index 980ae8cdbd..93b3704083 100644 --- a/deployment/logging/files/heat-engine.yaml +++ b/deployment/logging/files/heat-engine.yaml @@ -40,12 +40,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/heat, 'setype': var_log_t } - - name: heat logs readme - copy: - dest: /var/log/heat/readme.txt - content: | - Log files from heat containers can be found under - /var/log/containers/heat and /var/log/containers/httpd/heat-api*. - ignore_errors: true + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/keystone.yaml b/deployment/logging/files/keystone.yaml index 3c43f9a98f..952c40af76 100644 --- a/deployment/logging/files/keystone.yaml +++ b/deployment/logging/files/keystone.yaml @@ -40,13 +40,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/keystone, 'setype': var_log_t } - - name: keystone logs readme - copy: - dest: /var/log/keystone/readme.txt - content: | - Log files from keystone containers can be found under - /var/log/containers/keystone and /var/log/containers/httpd/keystone. - ignore_errors: true + - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/neutron-api.yaml b/deployment/logging/files/neutron-api.yaml index a2331e26bf..424513bb6c 100644 --- a/deployment/logging/files/neutron-api.yaml +++ b/deployment/logging/files/neutron-api.yaml @@ -48,13 +48,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/neutron, 'setype': var_log_t } - - name: neutron logs readme - copy: - dest: /var/log/neutron/readme.txt - content: | - Log files from neutron containers can be found under - /var/log/containers/neutron and /var/log/containers/httpd/neutron-api. - ignore_errors: true + - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/neutron-common.yaml b/deployment/logging/files/neutron-common.yaml index b38b90299d..3f2989c1bb 100644 --- a/deployment/logging/files/neutron-common.yaml +++ b/deployment/logging/files/neutron-common.yaml @@ -36,12 +36,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/neutron, 'setype': var_log_t } - - name: neutron logs readme - copy: - dest: /var/log/neutron/readme.txt - content: | - Log files from neutron containers can be found under - /var/log/containers/neutron and /var/log/containers/httpd/neutron-api. - ignore_errors: true + - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/nova-api.yaml b/deployment/logging/files/nova-api.yaml index a0f1e151c1..dddd391e44 100644 --- a/deployment/logging/files/nova-api.yaml +++ b/deployment/logging/files/nova-api.yaml @@ -48,13 +48,5 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/nova, 'setype': var_log_t } - - name: nova logs readme - copy: - dest: /var/log/nova/readme.txt - content: | - Log files from nova containers can be found under - /var/log/containers/nova and /var/log/containers/httpd/nova-*. - ignore_errors: true + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/nova-common.yaml b/deployment/logging/files/nova-common.yaml index 593521e943..43d3c5435e 100644 --- a/deployment/logging/files/nova-common.yaml +++ b/deployment/logging/files/nova-common.yaml @@ -68,12 +68,4 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/nova, 'setype': var_log_t } - - name: nova logs readme - copy: - dest: /var/log/nova/readme.txt - content: | - Log files from nova containers can be found under - /var/log/containers/nova and /var/log/containers/httpd/nova-*. - ignore_errors: true + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/nova-libvirt.yaml b/deployment/logging/files/nova-libvirt.yaml index 48110a744b..dc9cff9216 100644 --- a/deployment/logging/files/nova-libvirt.yaml +++ b/deployment/logging/files/nova-libvirt.yaml @@ -38,11 +38,4 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t } - - name: libvirt logs readme - copy: - dest: /var/log/libvirt/readme.txt - content: | - Log files from libvirt containers can be found under - /var/log/containers/libvirt. - ignore_errors: true + - { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/nova-metadata.yaml b/deployment/logging/files/nova-metadata.yaml index 27577881b6..1df5e8e578 100644 --- a/deployment/logging/files/nova-metadata.yaml +++ b/deployment/logging/files/nova-metadata.yaml @@ -37,13 +37,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/nova, 'setype': var_log_t } - - name: nova logs readme - copy: - dest: /var/log/nova/readme.txt - content: | - Log files from nova containers can be found under - /var/log/containers/nova and /var/log/containers/httpd/nova-*. - ignore_errors: true + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/files/placement-api.yaml b/deployment/logging/files/placement-api.yaml index 557adc885e..a730640775 100644 --- a/deployment/logging/files/placement-api.yaml +++ b/deployment/logging/files/placement-api.yaml @@ -37,13 +37,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/placement, 'setype': var_log_t } - - name: Placement logs readme - copy: - dest: /var/log/placement/readme.txt - content: | - Log files from placement containers can be found under - /var/log/containers/placement and /var/log/containers/httpd/placement*. - ignore_errors: true + - { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/logging/rsyslog-container-puppet.yaml b/deployment/logging/rsyslog-container-puppet.yaml index 1a1056cc78..68350c3712 100644 --- a/deployment/logging/rsyslog-container-puppet.yaml +++ b/deployment/logging/rsyslog-container-puppet.yaml @@ -222,16 +222,9 @@ outputs: path: /var/log/containers/rsyslog state: directory setype: svirt_sandbox_file_t + mode: '0750' - name: create persistent state directory for rsyslog file: path: /var/lib/rsyslog.container state: directory setype: svirt_sandbox_file_t - - name: rsyslog logs readme - copy: - dest: /var/log/rsyslog/readme.txt - content: | - Log files from rsyslog containers can be found under - /var/log/containers/rsyslog. And its state is stored - under /var/lib/rsyslog.container. - ignore_errors: true diff --git a/deployment/manila/manila-api-container-puppet.yaml b/deployment/manila/manila-api-container-puppet.yaml index 355568a8fb..4c70ed70d9 100644 --- a/deployment/manila/manila-api-container-puppet.yaml +++ b/deployment/manila/manila-api-container-puppet.yaml @@ -241,16 +241,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - - name: manila logs readme - copy: - dest: /var/log/manila/readme.txt - content: | - Log files from manila containers can be found under - /var/log/containers/manila and /var/log/containers/httpd/manila-api. - ignore_errors: true + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } upgrade_tasks: [] fast_forward_upgrade_tasks: - name: Check if manila_api is deployed diff --git a/deployment/manila/manila-scheduler-container-puppet.yaml b/deployment/manila/manila-scheduler-container-puppet.yaml index db4ef9a767..b262d34754 100644 --- a/deployment/manila/manila-scheduler-container-puppet.yaml +++ b/deployment/manila/manila-scheduler-container-puppet.yaml @@ -109,15 +109,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - - name: manila logs readme - copy: - dest: /var/log/manila/readme.txt - content: | - Log files from manila containers can be found under - /var/log/containers/manila and /var/log/containers/httpd/manila-api. - ignore_errors: true + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/manila/manila-share-container-puppet.yaml b/deployment/manila/manila-share-container-puppet.yaml index 87b9039592..490c2a0355 100644 --- a/deployment/manila/manila-share-container-puppet.yaml +++ b/deployment/manila/manila-share-container-puppet.yaml @@ -164,16 +164,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - - name: manila logs readme - copy: - dest: /var/log/manila/readme.txt - content: | - Log files from manila containers can be found under - /var/log/containers/manila and /var/log/containers/httpd/manila-api. - ignore_errors: true - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/deployment/manila/manila-share-pacemaker-puppet.yaml b/deployment/manila/manila-share-pacemaker-puppet.yaml index e08f11008f..2a5d8a6ed4 100644 --- a/deployment/manila/manila-share-pacemaker-puppet.yaml +++ b/deployment/manila/manila-share-pacemaker-puppet.yaml @@ -201,16 +201,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - - name: manila logs readme - copy: - dest: /var/log/manila/readme.txt - content: | - Log files from manila containers can be found under - /var/log/containers/manila and /var/log/containers/httpd/manila-api. - ignore_errors: true - name: ensure ceph configurations exist file: path: /etc/ceph diff --git a/deployment/memcached/memcached-container-puppet.yaml b/deployment/memcached/memcached-container-puppet.yaml index 2cb0ccd85f..8ab9f32923 100644 --- a/deployment/memcached/memcached-container-puppet.yaml +++ b/deployment/memcached/memcached-container-puppet.yaml @@ -170,20 +170,6 @@ outputs: - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] - host_prep_tasks: - - name: create persistent directories - file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype }}" - with_items: - - { 'path': /var/log/memcached, 'setype': svirt_sandbox_file_t } - - name: memcached logs readme - copy: - dest: /var/log/memcached/readme.txt - content: | - Memcached container logs to stdout/stderr only. - ignore_errors: true upgrade_tasks: [] external_upgrade_tasks: - when: diff --git a/deployment/messaging/rpc-qdrouterd-container-puppet.yaml b/deployment/messaging/rpc-qdrouterd-container-puppet.yaml index ee4d8c1ed8..1be9e7ff39 100644 --- a/deployment/messaging/rpc-qdrouterd-container-puppet.yaml +++ b/deployment/messaging/rpc-qdrouterd-container-puppet.yaml @@ -150,6 +150,6 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t } metadata_settings: {} diff --git a/deployment/metrics/collectd-container-puppet.yaml b/deployment/metrics/collectd-container-puppet.yaml index 3c3950f34a..cecdc32ee4 100644 --- a/deployment/metrics/collectd-container-puppet.yaml +++ b/deployment/metrics/collectd-container-puppet.yaml @@ -654,15 +654,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/collectd, 'setype': svirt_sandbox_file_t } - - name: collectd logs readme - copy: - dest: /var/log/collectd/readme.txt - content: | - Log files from collectd containers can be found under - /var/log/containers/collectd. - ignore_errors: true + - { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } fast_forward_upgrade_tasks: - when: - step|int == 0 diff --git a/deployment/metrics/qdr-container-puppet.yaml b/deployment/metrics/qdr-container-puppet.yaml index 5432f93fbf..450f5f30a7 100644 --- a/deployment/metrics/qdr-container-puppet.yaml +++ b/deployment/metrics/qdr-container-puppet.yaml @@ -318,12 +318,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t } - - name: qrouterd logs readme - copy: - dest: /var/log/qrouterd/readme-metrics.txt - content: | - Log files from metrics qrouterd containers can be found under - /var/log/containers/metrics-qdr. - ignore_errors: true diff --git a/deployment/mistral/mistral-api-container-puppet.yaml b/deployment/mistral/mistral-api-container-puppet.yaml index 9ac9360989..dee5fadc8a 100644 --- a/deployment/mistral/mistral-api-container-puppet.yaml +++ b/deployment/mistral/mistral-api-container-puppet.yaml @@ -222,12 +222,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - - name: mistral logs readme - copy: - dest: /var/log/mistral/readme.txt - content: | - Log files from mistral containers can be found under - /var/log/containers/mistral. - ignore_errors: true + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/mistral/mistral-engine-container-puppet.yaml b/deployment/mistral/mistral-engine-container-puppet.yaml index 58535d88b1..21123299c1 100644 --- a/deployment/mistral/mistral-engine-container-puppet.yaml +++ b/deployment/mistral/mistral-engine-container-puppet.yaml @@ -138,15 +138,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - - name: mistral logs readme - copy: - dest: /var/log/mistral/readme.txt - content: | - Log files from mistral containers can be found under - /var/log/containers/mistral. - ignore_errors: true + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/mistral/mistral-event-engine-container-puppet.yaml b/deployment/mistral/mistral-event-engine-container-puppet.yaml index 0c078b76e2..21dfcd82ec 100644 --- a/deployment/mistral/mistral-event-engine-container-puppet.yaml +++ b/deployment/mistral/mistral-event-engine-container-puppet.yaml @@ -113,15 +113,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - - name: mistral logs readme - copy: - dest: /var/log/mistral/readme.txt - content: | - Log files from mistral containers can be found under - /var/log/containers/mistral. - ignore_errors: true + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/mistral/mistral-executor-container-puppet.yaml b/deployment/mistral/mistral-executor-container-puppet.yaml index 6571050f0c..1c54226ed4 100644 --- a/deployment/mistral/mistral-executor-container-puppet.yaml +++ b/deployment/mistral/mistral-executor-container-puppet.yaml @@ -219,9 +219,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - name: create mistral/.ssh directory file: path: /var/lib/mistral/.ssh @@ -241,13 +240,6 @@ outputs: mode: 0444 setype: svirt_sandbox_file_t local_follow: true - - name: mistral logs readme - copy: - dest: /var/log/mistral/readme.txt - content: | - Log files from mistral containers can be found under - /var/log/containers/mistral. - ignore_errors: true - name: create ceph-ansible source directory file: path: /usr/share/ceph-ansible diff --git a/deployment/nova/nova-ironic-container-puppet.yaml b/deployment/nova/nova-ironic-container-puppet.yaml index 6ac33a6311..bfda959520 100644 --- a/deployment/nova/nova-ironic-container-puppet.yaml +++ b/deployment/nova/nova-ironic-container-puppet.yaml @@ -221,16 +221,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/nova, 'setype': svirt_sandbox_file_t } - - name: nova logs readme - copy: - dest: /var/log/nova/readme.txt - content: | - Log files from nova containers can be found under - /var/log/containers/nova and /var/log/containers/httpd/nova-*. - ignore_errors: true - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/nova/novajoin-container-puppet.yaml b/deployment/nova/novajoin-container-puppet.yaml index 39d24095d8..5c0a43e6e0 100644 --- a/deployment/nova/novajoin-container-puppet.yaml +++ b/deployment/nova/novajoin-container-puppet.yaml @@ -233,15 +233,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/novajoin, 'setype': svirt_sandbox_file_t } - - name: novajoin logs readme - copy: - dest: /var/log/novajoin/readme.txt - content: | - Log files from novajoin containers can be found under - /var/log/containers/novajoin - ignore_errors: true + - { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: Enroll to FreeIPA command: ipa-client-install -U --password={{ ipa_otp }} args: diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml index bfeb7242be..b2080b9817 100644 --- a/deployment/octavia/octavia-api-container-puppet.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -340,17 +340,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/run/octavia, 'setype': svirt_sandbox_file_t } - - name: octavia logs readme - copy: - dest: /var/log/octavia/readme.txt - content: | - Log files from octavia containers can be found under - /var/log/containers/octavia and /var/log/containers/httpd/octavia-api. - ignore_errors: true update_tasks: - name: Set internal tls variable set_fact: diff --git a/deployment/octavia/octavia-health-manager-container-puppet.yaml b/deployment/octavia/octavia-health-manager-container-puppet.yaml index 8a77bff3bc..4332c64263 100644 --- a/deployment/octavia/octavia-health-manager-container-puppet.yaml +++ b/deployment/octavia/octavia-health-manager-container-puppet.yaml @@ -155,12 +155,4 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - - name: octavia logs readme - copy: - dest: /var/log/octavia/readme.txt - content: | - Log files from octavia containers can be found under - /var/log/containers/octavia and /var/log/containers/httpd/octavia-api. - ignore_errors: true + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } diff --git a/deployment/octavia/octavia-housekeeping-container-puppet.yaml b/deployment/octavia/octavia-housekeeping-container-puppet.yaml index ba21eb3328..a832a0b7b6 100644 --- a/deployment/octavia/octavia-housekeeping-container-puppet.yaml +++ b/deployment/octavia/octavia-housekeeping-container-puppet.yaml @@ -154,13 +154,5 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - - name: octavia logs readme - copy: - dest: /var/log/octavia/readme.txt - content: | - Log files from octavia containers can be found under - /var/log/containers/octavia and /var/log/containers/httpd/octavia-api. - ignore_errors: true + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } upgrade_tasks: [] diff --git a/deployment/octavia/octavia-worker-container-puppet.yaml b/deployment/octavia/octavia-worker-container-puppet.yaml index b67ad9eb6b..c19ba37c32 100644 --- a/deployment/octavia/octavia-worker-container-puppet.yaml +++ b/deployment/octavia/octavia-worker-container-puppet.yaml @@ -141,15 +141,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - - name: octavia logs readme - copy: - dest: /var/log/octavia/readme.txt - content: | - Log files from octavia containers can be found under - /var/log/containers/octavia and /var/log/containers/httpd/octavia-api. - ignore_errors: true + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: Ensure packages required for configuring octavia are present package: name: diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml index c66eea0647..08cf4233be 100644 --- a/deployment/ovn/ovn-controller-container-puppet.yaml +++ b/deployment/ovn/ovn-controller-container-puppet.yaml @@ -278,16 +278,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - - name: openvswitch logs readme - copy: - dest: /var/log/openvswitch/readme.txt - content: | - Log files from openvswitch containers can be found under - /var/log/containers/openvswitch. - ignore_errors: true - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/ovn/ovn-dbs-container-puppet.yaml b/deployment/ovn/ovn-dbs-container-puppet.yaml index cd48ab5525..9d8f4a854e 100644 --- a/deployment/ovn/ovn-dbs-container-puppet.yaml +++ b/deployment/ovn/ovn-dbs-container-puppet.yaml @@ -202,14 +202,6 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } - - name: openvswitch logs readme - copy: - dest: /var/log/openvswitch/readme.txt - content: | - Log files from openvswitch containers can be found under - /var/log/containers/openvswitch. - ignore_errors: true upgrade_tasks: [] diff --git a/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml b/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml index 800f4a83a5..54edf2cfb8 100644 --- a/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml +++ b/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml @@ -252,16 +252,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } - - name: openvswitch logs readme - copy: - dest: /var/log/openvswitch/readme.txt - content: | - Log files from openvswitch containers can be found under - /var/log/containers/openvswitch. - ignore_errors: true deploy_steps_tasks: - name: OVN DBS tag container image for pacemaker when: step|int == 1 diff --git a/deployment/qdr/qdrouterd-container-puppet.yaml b/deployment/qdr/qdrouterd-container-puppet.yaml index 26acf942ca..6735af2567 100644 --- a/deployment/qdr/qdrouterd-container-puppet.yaml +++ b/deployment/qdr/qdrouterd-container-puppet.yaml @@ -139,14 +139,6 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/qdrouterd, 'setype': svirt_sandbox_file_t } - - name: qrouterd logs readme - copy: - dest: /var/log/qrouterd/readme.txt - content: | - Log files from qrouterd containers can be found under - /var/log/containers/qrouterd. - ignore_errors: true metadata_settings: {} diff --git a/deployment/rabbitmq/rabbitmq-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-container-puppet.yaml index 3a4d8ead33..dcb7ac9e01 100644 --- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml @@ -356,16 +356,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true # TODO: Removal of package upgrade_tasks: [] update_tasks: diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml index b12a6f73c3..4f38baf7b5 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml @@ -300,16 +300,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true upgrade_tasks: [] update_tasks: # TODO: Are we sure we want to support this. Rolling update diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml index 36fa734909..dca1097a35 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml @@ -246,15 +246,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container shell: | echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf diff --git a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml index a4781eff4f..a610d37550 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml @@ -246,15 +246,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container shell: | echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml index 7e66b8d7e3..790cec9e9d 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml @@ -300,16 +300,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true upgrade_tasks: [] update_tasks: # TODO: Are we sure we want to support this. Rolling update diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml index 3391201a2b..dc86b0e1f0 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml @@ -254,15 +254,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - - name: rabbitmq logs readme - copy: - dest: /var/log/rabbitmq/readme.txt - content: | - Log files from rabbitmq containers can be found under - /var/log/containers/rabbitmq. - ignore_errors: true + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container shell: | echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf diff --git a/deployment/sahara/sahara-api-container-puppet.yaml b/deployment/sahara/sahara-api-container-puppet.yaml index 45d955c213..6e71621dc2 100644 --- a/deployment/sahara/sahara-api-container-puppet.yaml +++ b/deployment/sahara/sahara-api-container-puppet.yaml @@ -198,16 +198,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t } - - name: sahara logs readme - copy: - dest: /var/log/sahara/readme.txt - content: | - Log files from sahara containers can be found under - /var/log/containers/sahara. - ignore_errors: true fast_forward_upgrade_tasks: - when: - step|int == 0 diff --git a/deployment/sahara/sahara-engine-container-puppet.yaml b/deployment/sahara/sahara-engine-container-puppet.yaml index 7ba525ddca..7213d16e8a 100644 --- a/deployment/sahara/sahara-engine-container-puppet.yaml +++ b/deployment/sahara/sahara-engine-container-puppet.yaml @@ -127,16 +127,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t } - - name: sahara logs readme - copy: - dest: /var/log/sahara/readme.txt - content: | - Log files from sahara containers can be found under - /var/log/containers/sahara. - ignore_errors: true - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/swift/swift-proxy-container-puppet.yaml b/deployment/swift/swift-proxy-container-puppet.yaml index 79b13b9cb2..4e90ca54e5 100644 --- a/deployment/swift/swift-proxy-container-puppet.yaml +++ b/deployment/swift/swift-proxy-container-puppet.yaml @@ -437,7 +437,7 @@ outputs: with_items: - { 'path': /srv/node, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' } deploy_steps_tasks: - name: Configure rsyslog for swift-proxy when: step|int == 1 diff --git a/deployment/swift/swift-storage-container-puppet.yaml b/deployment/swift/swift-storage-container-puppet.yaml index 8430717d21..5bbbe7b9dc 100644 --- a/deployment/swift/swift-storage-container-puppet.yaml +++ b/deployment/swift/swift-storage-container-puppet.yaml @@ -598,9 +598,7 @@ outputs: with_items: - { 'path': /srv/node, 'setype': svirt_sandbox_file_t } - { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/swift, 'setype': var_log_t } - - { 'path': /var/log/containers, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: Set swift_use_local_disks fact set_fact: swift_use_local_disks: {get_param: SwiftUseLocalDir} @@ -609,13 +607,6 @@ outputs: path: "/srv/node/d1" state: directory when: swift_use_local_disks - - name: swift logs readme - copy: - dest: /var/log/swift/readme.txt - content: | - Log files from swift containers can be found under - /var/log/containers/swift and /var/log/containers/httpd/swift-*. - ignore_errors: true - name: Set fact for SwiftRawDisks set_fact: swift_raw_disks: {get_param: SwiftRawDisks} diff --git a/deployment/undercloud/tempest-container-puppet.yaml b/deployment/undercloud/tempest-container-puppet.yaml index 6b57c1d1a2..f285ec896e 100644 --- a/deployment/undercloud/tempest-container-puppet.yaml +++ b/deployment/undercloud/tempest-container-puppet.yaml @@ -59,17 +59,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/tempest, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t } - - name: Tempest logs readme - copy: - dest: /var/log/tempest/readme.txt - content: | - Log files from tempest containers can be found under - /var/log/containers/tempest. - ignore_errors: true puppet_config: config_volume: '' step_config: '' diff --git a/deployment/zaqar/zaqar-container-puppet.yaml b/deployment/zaqar/zaqar-container-puppet.yaml index bf69312f21..eccc06fa01 100644 --- a/deployment/zaqar/zaqar-container-puppet.yaml +++ b/deployment/zaqar/zaqar-container-puppet.yaml @@ -354,15 +354,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/zaqar, 'setype': svirt_sandbox_file_t } - - name: zaqar logs readme - copy: - dest: /var/log/zaqar/readme.txt - content: | - Log files from zaqar containers can be found under - /var/log/containers/zaqar and /var/log/containers/httpd/zaqar. - ignore_errors: true + - { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' } metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings]