Browse Source

Set setype for log and persistant data directories

This allows to deploy and use the services on a selinux-enforcing host
with proper selinux separation.

Change-Id: Icde6c61a0b26741946d079b2b00475de34722bea
changes/01/611801/13
Cédric Jeanneret 3 years ago
committed by Emilien Macchi
parent
commit
c76584c021
  1. 4
      docker/services/ceilometer-agent-central.yaml
  2. 3
      docker/services/ceilometer-agent-compute.yaml
  3. 2
      docker/services/ceilometer-agent-notification.yaml
  4. 12
      docker/services/cinder-api.yaml
  5. 9
      docker/services/cinder-backup.yaml
  6. 4
      docker/services/cinder-common.yaml
  7. 2
      docker/services/cinder-scheduler.yaml
  8. 7
      docker/services/congress.yaml
  9. 15
      docker/services/database/mongodb.yaml
  10. 3
      docker/services/designate-api.yaml
  11. 9
      docker/services/designate-central.yaml
  12. 3
      docker/services/designate-mdns.yaml
  13. 3
      docker/services/designate-producer.yaml
  14. 3
      docker/services/designate-sink.yaml
  15. 8
      docker/services/designate-worker.yaml
  16. 17
      docker/services/ec2-api.yaml
  17. 7
      docker/services/fluentd.yaml
  18. 23
      docker/services/gnocchi-api.yaml
  19. 9
      docker/services/gnocchi-metricd.yaml
  20. 9
      docker/services/gnocchi-statsd.yaml
  21. 8
      docker/services/horizon.yaml
  22. 8
      docker/services/ironic-api.yaml
  23. 18
      docker/services/ironic-inspector.yaml
  24. 8
      docker/services/ironic-pxe.yaml
  25. 11
      docker/services/logging/files/barbican-api.yaml
  26. 2
      docker/services/logging/files/glance-api.yaml
  27. 11
      docker/services/logging/files/heat-api-cfn.yaml
  28. 11
      docker/services/logging/files/heat-api.yaml
  29. 5
      docker/services/logging/files/heat-engine.yaml
  30. 4
      docker/services/logging/files/keystone.yaml
  31. 11
      docker/services/logging/files/neutron-api.yaml
  32. 7
      docker/services/logging/files/neutron-common.yaml
  33. 3
      docker/services/logging/files/nova-common.yaml
  34. 11
      docker/services/logging/files/nova-metadata.yaml
  35. 11
      docker/services/logging/files/nova-placement.yaml
  36. 11
      docker/services/logging/files/opendaylight-api.yaml
  37. 11
      docker/services/logging/files/panko-api.yaml
  38. 19
      docker/services/manila-api.yaml
  39. 4
      docker/services/manila-common.yaml
  40. 3
      docker/services/manila-scheduler.yaml
  41. 7
      docker/services/manila-share.yaml
  42. 8
      docker/services/messaging/notify-rabbitmq.yaml
  43. 13
      docker/services/messaging/rpc-qdrouterd.yaml
  44. 8
      docker/services/messaging/rpc-rabbitmq.yaml
  45. 3
      docker/services/metrics/collectd.yaml
  46. 13
      docker/services/metrics/qdr.yaml
  47. 6
      docker/services/mistral-api.yaml
  48. 11
      docker/services/neutron-dhcp.yaml
  49. 10
      docker/services/neutron-l3.yaml
  50. 2
      docker/services/neutron-metadata.yaml
  51. 10
      docker/services/neutron-ovs-agent.yaml
  52. 2
      docker/services/nova-compute.yaml
  53. 4
      docker/services/nova-ironic.yaml
  54. 12
      docker/services/nova-libvirt.yaml
  55. 19
      docker/services/octavia-api.yaml
  56. 5
      docker/services/octavia-health-manager.yaml
  57. 5
      docker/services/octavia-housekeeping.yaml
  58. 5
      docker/services/octavia-worker.yaml
  59. 7
      docker/services/ovn-controller.yaml
  60. 23
      docker/services/ovn-dbs.yaml
  61. 15
      docker/services/ovn-metadata.yaml
  62. 9
      docker/services/pacemaker/cinder-backup.yaml
  63. 9
      docker/services/pacemaker/database/redis.yaml
  64. 9
      docker/services/pacemaker/manila-share.yaml
  65. 9
      docker/services/pacemaker/notify-rabbitmq.yaml
  66. 7
      docker/services/pacemaker/ovn-dbs.yaml
  67. 9
      docker/services/pacemaker/rabbitmq.yaml
  68. 9
      docker/services/pacemaker/rpc-rabbitmq.yaml
  69. 13
      docker/services/qdrouterd.yaml

4
docker/services/ceilometer-agent-central.yaml

@ -113,7 +113,7 @@ outputs:
-
- /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -131,7 +131,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'

3
docker/services/ceilometer-agent-compute.yaml

@ -101,7 +101,7 @@ outputs:
- /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/run/libvirt:/var/run/libvirt:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -109,6 +109,7 @@ outputs:
file:
path: /var/log/containers/ceilometer
state: directory
setype: svirt_sandbox_file_t
- name: ceilometer logs readme
copy:
dest: /var/log/ceilometer/readme.txt

2
docker/services/ceilometer-agent-notification.yaml

@ -129,7 +129,7 @@ outputs:
- /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src-panko:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

12
docker/services/cinder-api.yaml

@ -141,8 +141,8 @@ outputs:
-
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
@ -164,8 +164,8 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
-
if:
- internal_tls_enabled
@ -190,8 +190,8 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:

9
docker/services/cinder-backup.yaml

@ -142,7 +142,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_backup:
@ -164,11 +164,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
- { 'name': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- { 'name': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt

4
docker/services/cinder-common.yaml

@ -170,8 +170,8 @@ outputs:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
- /var/lib/cinder:/var/lib/cinder:z
- /var/log/containers/cinder:/var/log/cinder:z
cinder_backup_environment:
description: Docker environment for the cinder-backup container (HA or non-HA)

2
docker/services/cinder-scheduler.yaml

@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/cinder:/var/log/cinder:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

7
docker/services/congress.yaml

@ -98,7 +98,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
step_3:
congress_db_sync:
@ -115,7 +115,7 @@ outputs:
# This should go away anyway and mount the exact files it
# needs or use kolla set_configs.py
- /var/lib/config-data/congress/etc/:/etc/
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
step_4:
congress_api:
@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -138,6 +138,7 @@ outputs:
file:
path: /var/log/containers/congress
state: directory
setype: svirt_sandbox_file_t
- name: congress logs readme
copy:
dest: /var/log/congress/readme.txt

15
docker/services/database/mongodb.yaml

@ -112,8 +112,8 @@ outputs:
- - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
- /var/log/containers/mongodb:/var/log/mongodb:z
- /var/lib/mongodb:/var/lib/mongodb:z
- if:
- internal_tls_enabled
- - list_join:
@ -134,8 +134,8 @@ outputs:
config_image: *mongodb_config_image
volumes:
list_concat:
- - /var/lib/mongodb:/var/lib/mongodb
- /var/log/containers/mongodb:/var/log/mongodb
- - /var/lib/mongodb:/var/lib/mongodb:z
- /var/log/containers/mongodb:/var/log/mongodb:z
- if:
- internal_tls_enabled
- - list_join:
@ -148,11 +148,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
- { 'path': /var/log/containers/mongodb, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/mongodb, 'setype': svirt_sandbox_file_t }
- name: mongodb logs readme
copy:
dest: /var/log/mongodb/readme.txt

3
docker/services/designate-api.yaml

@ -135,7 +135,7 @@ outputs:
-
- /var/lib/kolla/config_files/designate_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -143,6 +143,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

9
docker/services/designate-central.yaml

@ -107,7 +107,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: ['/bin/bash', '-c', 'chown -R designate:designate /var/log/designate']
step_3:
designate_db_sync:
@ -122,7 +122,7 @@ outputs:
-
- /var/lib/config-data/designate/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c 'designate-manage --config-file /etc/designate/designate.conf database sync'"
step_4:
designate_central:
@ -139,7 +139,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -154,13 +154,14 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c '/bin/designate-manage pool update'"
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-mdns.yaml

@ -115,7 +115,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_mdns.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -123,6 +123,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-producer.yaml

@ -116,7 +116,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_producer.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -124,6 +124,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-sink.yaml

@ -116,7 +116,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_sink.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -124,6 +124,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

8
docker/services/designate-worker.yaml

@ -141,7 +141,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
designate_backend_bind9:
@ -156,8 +156,8 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/named-persistent:/var/named-persistent
- /var/log/containers/designate:/var/log/designate:z
- /var/named-persistent:/var/named-persistent:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -165,6 +165,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt
@ -176,3 +177,4 @@ outputs:
file:
path: /var/named-persistent
state: directory
setype: svirt_sandbox_file_t

17
docker/services/ec2-api.yaml

@ -128,10 +128,10 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
# mount ec2_api_metadata to "ec2api-metadata" only here to fix
# permissions of both directories in one go
- /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata
- /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata:z
command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata']
step_3:
ec2_api_db_sync:
@ -146,7 +146,7 @@ outputs:
-
- /var/lib/config-data/ec2_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'"
step_4:
map_merge:
@ -161,7 +161,7 @@ outputs:
-
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ec2_api_metadata:
@ -175,7 +175,7 @@ outputs:
-
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api_metadata:/var/log/ec2api
- /var/log/containers/ec2_api_metadata:/var/log/ec2api:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
@ -199,11 +199,12 @@ outputs:
host_prep_tasks:
- name: create persistent log directories
file:
path: /var/log/containers/{{ item }}
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- ec2_api
- ec2_api_metadata
- { 'path': /var/log/containers/ec2_api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ec2_api_metadata, 'setype': svirt_sandbox_file_t }
- name: ec2_api logs readme
copy:
dest: /var/log/{{ item }}/readme.txt

7
docker/services/fluentd.yaml

@ -90,17 +90,18 @@ outputs:
privileged: true
user: root
restart: always
security_opt: 'label=disable'
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/cache/containers/fluentd:/var/cache/fluentd:rw
- /var/cache/containers/fluentd:/var/cache/fluentd:rw,z
- /var/lib/kolla/config_files/fluentd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/fluentd/:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:ro
- /var/log/containers/fluentd:/var/log/fluentd:rw
- /var/log/containers/fluentd:/var/log/fluentd:rw,z
- /etc/rsyslog.d:/etc/rsyslog.d:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@ -109,6 +110,7 @@ outputs:
file:
path: /var/log/containers/fluentd
state: directory
setype: svirt_sandbox_file_t
- name: fluentd logs readme
copy:
dest: /var/log/fluentd/readme.txt
@ -120,6 +122,7 @@ outputs:
file:
path: /var/cache/containers/fluentd
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks:
- when: step|int == 0
tags: common

23
docker/services/gnocchi-api.yaml

@ -155,8 +155,8 @@ outputs:
user: root
volumes:
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
command:
- '/bin/bash'
- '-c'
@ -178,10 +178,10 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_db_sync.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@ -198,12 +198,12 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
@ -218,7 +218,7 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
- name: create persistent data and logs directory
file:
path: "{{ item.path }}"
state: directory
@ -226,6 +226,7 @@ outputs:
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t }
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme
copy:
dest: /var/log/gnocchi/readme.txt

9
docker/services/gnocchi-metricd.yaml

@ -132,8 +132,8 @@ outputs:
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -149,6 +149,11 @@ outputs:
Log files from gnocchi containers can be found under
/var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api.
ignore_errors: true
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph

9
docker/services/gnocchi-statsd.yaml

@ -132,8 +132,8 @@ outputs:
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -149,6 +149,11 @@ outputs:
Log files from gnocchi containers can be found under
/var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api.
ignore_errors: true
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph

8
docker/services/horizon.yaml

@ -113,8 +113,8 @@ outputs:
# http://paste.openstack.org/show/609819/
command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- /var/log/containers/horizon:/var/log/horizon:z
- /var/log/containers/httpd/horizon:/var/log/httpd:z
- /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
step_3:
horizon:
@ -128,8 +128,8 @@ outputs:
-
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- /var/log/containers/horizon:/var/log/horizon:z
- /var/log/containers/httpd/horizon:/var/log/httpd:z
- /var/www/:/var/www/:ro
-
if:

8
docker/services/ironic-api.yaml

@ -115,8 +115,8 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
@ -133,8 +133,8 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

18
docker/services/ironic-inspector.yaml

@ -128,7 +128,7 @@ outputs:
get_param: DockerIronicInspectorImage
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
@ -136,7 +136,7 @@ outputs:
image: *ironic_inspector_image
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
@ -151,7 +151,7 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
@ -167,7 +167,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command:
@ -195,9 +195,9 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic:shared
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/lib/ironic:/var/lib/ironic:shared,z
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_inspector_dnsmasq:
@ -215,8 +215,8 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

8
docker/services/ironic-pxe.yaml

@ -132,7 +132,7 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/:z
- /var/lib/ironic:/var/lib/ironic/:shared,z
- /dev/log:/dev/log
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd:z
@ -150,9 +150,9 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/:shared
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd
- /var/lib/ironic:/var/lib/ironic/:shared,z
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

11
docker/services/logging/files/barbican-api.yaml

@ -18,8 +18,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &barbican_api_volumes
- /var/log/containers/barbican:/var/log/barbican
- /var/log/containers/httpd/barbican-api:/var/log/httpd
- /var/log/containers/barbican:/var/log/barbican:z
- /var/log/containers/httpd/barbican-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -34,11 +34,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/barbican
- /var/log/containers/httpd/barbican-api
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t }
- name: barbican logs readme
copy:
dest: /var/log/barbican/readme.txt

2
docker/services/logging/files/glance-api.yaml

@ -15,7 +15,7 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &glance_api_volumes
- /var/log/containers/glance:/var/log/glance
- /var/log/containers/glance:/var/log/glance:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:

11
docker/services/logging/files/heat-api-cfn.yaml

@ -14,18 +14,19 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api-cfn:/var/log/httpd
- /var/log/containers/heat:/var/log/heat:z
- /var/log/containers/httpd/heat-api-cfn:/var/log/httpd:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api-cfn
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t }
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

11
docker/services/logging/files/heat-api.yaml

@ -14,18 +14,19 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api:/var/log/httpd
- /var/log/containers/heat:/var/log/heat:z
- /var/log/containers/httpd/heat-api:/var/log/httpd:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t }
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

5
docker/services/logging/files/heat-engine.yaml

@ -24,12 +24,12 @@ outputs:
image: {get_param: DockerHeatEngineImage}
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/heat:/var/log/heat:z
command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/heat:/var/log/heat:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
@ -37,6 +37,7 @@ outputs:
file:
path: /var/log/containers/heat
state: directory
setype: svirt_sandbox_file_t
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

4
docker/services/logging/files/keystone.yaml

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &keystone_volumes
- /var/log/containers/keystone:/var/log/keystone
- /var/log/containers/httpd/keystone:/var/log/httpd
- /var/log/containers/keystone:/var/log/keystone:z
- /var/log/containers/httpd/keystone:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:

11
docker/services/logging/files/neutron-api.yaml

@ -25,8 +25,8 @@ outputs:
volumes:
description: extra volumes
value: &neutron_api_volumes
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/httpd/neutron-api:/var/log/httpd
- /var/log/containers/neutron:/var/log/neutron:z
- /var/log/containers/httpd/neutron-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -43,11 +43,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/neutron
- /var/log/containers/httpd/neutron-api
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t }
- name: neutron logs readme
copy:
dest: /var/log/neutron/readme.txt

7
docker/services/logging/files/neutron-common.yaml

@ -26,16 +26,17 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/neutron:/var/log/neutron:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/neutron
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- name: neutron logs readme
copy:
dest: /var/log/neutron/readme.txt

3
docker/services/logging/files/nova-common.yaml

@ -44,7 +44,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/nova:/var/log/nova:z
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
- keys:
CONTAINERNAME: {get_attr: [InitLogContainerName, value]}
@ -55,6 +55,7 @@ outputs:
file:
path: /var/log/containers/nova
state: directory
setype: svirt_sandbox_file_t
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/nova-metadata.yaml

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &nova_metadata_volumes
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/httpd/nova-metadata:/var/log/httpd
- /var/log/containers/nova:/var/log/nova:z
- /var/log/containers/httpd/nova-metadata:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -32,11 +32,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/nova
- /var/log/containers/httpd/nova-metadata
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t }
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/nova-placement.yaml

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &nova_placement_volumes
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/httpd/nova-placement:/var/log/httpd
- /var/log/containers/nova:/var/log/nova:z
- /var/log/containers/httpd/nova-placement:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -32,11 +32,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/nova
- /var/log/containers/httpd/nova-placement
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-placement, 'setype': svirt_sandbox_file_t }
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/opendaylight-api.yaml

@ -13,20 +13,21 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/opendaylight/karaf/logs:/opt/opendaylight/data/log
- /var/log/containers/opendaylight/karaf/logs:/opt/opendaylight/data/log:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/opendaylight/karaf/logs
- /var/log/opendaylight
- { 'path': /var/log/containers/opendaylight/karaf/logs, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/opendaylight, 'setype': svirt_sandbox_file_t }
- name: opendaylight logs readme
copy:
dest: /var/log/opendaylight/readme.txt
content: |
Logs from OpenDaylight container can be found at /var/log/containers/opendaylight/karaf/logs/karaf.log
ignore_errors: true
ignore_errors: true

11
docker/services/logging/files/panko-api.yaml

@ -18,8 +18,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &panko_api_volumes
- /var/log/containers/panko:/var/log/panko
- /var/log/containers/httpd/panko-api:/var/log/httpd
- /var/log/containers/panko:/var/log/panko:z
- /var/log/containers/httpd/panko-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -34,11 +34,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/panko
- /var/log/containers/httpd/panko-api
- { 'path': /var/log/containers/panko, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/panko-api, 'setype': svirt_sandbox_file_t }
- name: panko logs readme
copy:
dest: /var/log/panko/readme.txt

19
docker/services/manila-api.yaml

@ -88,8 +88,8 @@ outputs:
image: &manila_api_image {get_param: DockerManilaApiImage}
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_3:
manila_api_db_sync:
@ -103,8 +103,8 @@ outputs:
-
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
manila_api:
@ -117,18 +117,19 @@ outputs:
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: Create persistent manila logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/manila
- /var/log/containers/httpd/manila-api
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

4
docker/services/manila-common.yaml

@ -62,8 +62,8 @@ outputs:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/manila:/var/lib/manila
- /var/log/containers/manila:/var/log/manila
- /var/lib/manila:/var/lib/manila:z
- /var/log/containers/manila:/var/log/manila:z
- if:
- cephfs_nfs_enabled
-

3
docker/services/manila-scheduler.yaml

@ -103,7 +103,7 @@ outputs:
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/manila:/var/log/manila:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -111,6 +111,7 @@ outputs:
file:
path: /var/log/containers/manila
state: directory
setype: svirt_sandbox_file_t
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

7
docker/services/manila-share.yaml

@ -122,11 +122,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/manila
- /var/lib/manila
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

8
docker/services/messaging/notify-rabbitmq.yaml

@ -141,7 +141,7 @@ outputs:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -181,8 +181,8 @@ outputs:
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -205,7 +205,7 @@ outputs:
config_image: *rabbitmq_config_image
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:

13
docker/services/messaging/rpc-qdrouterd.yaml

@ -95,7 +95,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
qdrouterd:
start_order: 1
@ -110,17 +110,18 @@ outputs:
-
- /var/lib/kolla/config_files/qdrouterd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/qdrouterd/:/var/lib/kolla/config_files/src:ro
- /var/lib/qdrouterd:/var/lib/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/lib/qdrouterd:/var/lib/qdrouterd:z
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/qdrouterd
- /var/lib/qdrouterd
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
metadata_settings:
get_attr: [QdrouterdBase, role_data, metadata_settings]

8
docker/services/messaging/rpc-rabbitmq.yaml

@ -141,7 +141,7 @@ outputs:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -181,8 +181,8 @@ outputs:
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -205,7 +205,7 @@ outputs:
config_image: *rabbitmq_config_image
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:

3
docker/services/metrics/collectd.yaml

@ -107,7 +107,7 @@ outputs:
-
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/collectd:/var/log/collectd:rw
- /var/log/containers/collectd:/var/log/collectd:rw,z
- /var/run/openvswitch:/var/run/openvswitch:ro
- /var/run/ceph:/var/run/ceph:ro
- /var/run/libvirt:/var/run/libvirt:ro
@ -118,6 +118,7 @@ outputs:
file:
path: /var/log/containers/collectd
state: directory
setype: svirt_sandbox_file_t
- name: collectd logs readme
copy:
dest: /var/log/collectd/readme.txt

13
docker/services/metrics/qdr.yaml

@ -184,7 +184,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/metrics-qdr:/var/log/qdrouterd
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
metrics_qdr:
start_order: 1
@ -199,18 +199,19 @@ outputs:
-
- /var/lib/kolla/config_files/metrics-qdr.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/metrics-qdr/:/var/lib/kolla/config_files/src:ro
- /var/lib/metrics-qdr:/var/lib/qdrouterd
- /var/log/containers/metrics-qdr:/var/log/qdrouterd
- /var/lib/metrics-qdr:/var/lib/qdrouterd:z
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/metrics-qdr
- /var/lib/metrics-qdr
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme
copy:
dest: /var/log/qrouterd/readme-metrics.txt

6
docker/services/mistral-api.yaml

@ -113,7 +113,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
step_4:
mistral_api:
@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -146,7 +146,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions