openstack/tripleo-heat-templates
Code Issues Proposed changes

Set setype for log and persistant data directories

Browse Source 
This allows to deploy and use the services on a selinux-enforcing host
with proper selinux separation.

Change-Id: Icde6c61a0b26741946d079b2b00475de34722bea
This commit is contained in:
Cédric Jeanneret 2018-10-19 10:15:01 +02:00 committed by Emilien Macchi
parent c1bf5d8b10
commit c76584c021
69 changed files with 326 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docker/services/ceilometer-agent-central.yaml
View File

@ -113,7 +113,7 @@ outputs:
-
- /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -131,7 +131,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'

3
docker/services/ceilometer-agent-compute.yaml
View File

@ -101,7 +101,7 @@ outputs:
- /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/run/libvirt:/var/run/libvirt:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -109,6 +109,7 @@ outputs:
file:
path: /var/log/containers/ceilometer
state: directory
setype: svirt_sandbox_file_t
- name: ceilometer logs readme
copy:
dest: /var/log/ceilometer/readme.txt

2
docker/services/ceilometer-agent-notification.yaml
View File

@ -129,7 +129,7 @@ outputs:
- /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro
- /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src-panko:ro
- /var/log/containers/ceilometer:/var/log/ceilometer
- /var/log/containers/ceilometer:/var/log/ceilometer:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

12
docker/services/cinder-api.yaml
View File

@ -141,8 +141,8 @@ outputs:
-
- /var/lib/config-data/cinder/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
command:
- '/usr/bin/bootstrap_host_exec'
- 'cinder_api'
@ -164,8 +164,8 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
-
if:
- internal_tls_enabled
@ -190,8 +190,8 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/httpd/cinder-api:/var/log/httpd
- /var/log/containers/cinder:/var/log/cinder:z
- /var/log/containers/httpd/cinder-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:

9
docker/services/cinder-backup.yaml
View File

@ -142,7 +142,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_4:
cinder_backup:
@ -164,11 +164,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
- { 'name': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- { 'name': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt

4
docker/services/cinder-common.yaml
View File

@ -170,8 +170,8 @@ outputs:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/cinder:/var/lib/cinder
- /var/log/containers/cinder:/var/log/cinder
- /var/lib/cinder:/var/lib/cinder:z
- /var/log/containers/cinder:/var/log/cinder:z
cinder_backup_environment:
description: Docker environment for the cinder-backup container (HA or non-HA)

2
docker/services/cinder-scheduler.yaml
View File

@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/cinder:/var/log/cinder:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

7
docker/services/congress.yaml
View File

@ -98,7 +98,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
step_3:
congress_db_sync:
@ -115,7 +115,7 @@ outputs:
# This should go away anyway and mount the exact files it
# needs or use kolla set_configs.py
- /var/lib/config-data/congress/etc/:/etc/
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
step_4:
congress_api:
@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/congress:/var/log/congress
- /var/log/containers/congress:/var/log/congress:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -138,6 +138,7 @@ outputs:
file:
path: /var/log/containers/congress
state: directory
setype: svirt_sandbox_file_t
- name: congress logs readme
copy:
dest: /var/log/congress/readme.txt

15
docker/services/database/mongodb.yaml
View File

@ -112,8 +112,8 @@ outputs:
- - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
- /var/log/containers/mongodb:/var/log/mongodb:z
- /var/lib/mongodb:/var/lib/mongodb:z
- if:
- internal_tls_enabled
- - list_join:
@ -134,8 +134,8 @@ outputs:
config_image: *mongodb_config_image
volumes:
list_concat:
- - /var/lib/mongodb:/var/lib/mongodb
- /var/log/containers/mongodb:/var/log/mongodb
- - /var/lib/mongodb:/var/lib/mongodb:z
- /var/log/containers/mongodb:/var/log/mongodb:z
- if:
- internal_tls_enabled
- - list_join:
@ -148,11 +148,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
- { 'path': /var/log/containers/mongodb, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/mongodb, 'setype': svirt_sandbox_file_t }
- name: mongodb logs readme
copy:
dest: /var/log/mongodb/readme.txt

3
docker/services/designate-api.yaml
View File

@ -135,7 +135,7 @@ outputs:
-
- /var/lib/kolla/config_files/designate_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -143,6 +143,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

9
docker/services/designate-central.yaml
View File

@ -107,7 +107,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: ['/bin/bash', '-c', 'chown -R designate:designate /var/log/designate']
step_3:
designate_db_sync:
@ -122,7 +122,7 @@ outputs:
-
- /var/lib/config-data/designate/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c 'designate-manage --config-file /etc/designate/designate.conf database sync'"
step_4:
designate_central:
@ -139,7 +139,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -154,13 +154,14 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/designate/etc/designate/:/etc/designate/:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
command: "/usr/bin/bootstrap_host_exec designate_central su designate -s /bin/bash -c '/bin/designate-manage pool update'"
host_prep_tasks:
- name: create persistent logs directory
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-mdns.yaml
View File

@ -115,7 +115,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_mdns.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -123,6 +123,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-producer.yaml
View File

@ -116,7 +116,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_producer.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -124,6 +124,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

3
docker/services/designate-sink.yaml
View File

@ -116,7 +116,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_sink.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -124,6 +124,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

8
docker/services/designate-worker.yaml
View File

@ -141,7 +141,7 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/log/containers/designate:/var/log/designate:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
designate_backend_bind9:
@ -156,8 +156,8 @@ outputs:
- /run:/run
- /var/lib/kolla/config_files/designate_backend_bind9.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/designate/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/designate:/var/log/designate
- /var/named-persistent:/var/named-persistent
- /var/log/containers/designate:/var/log/designate:z
- /var/named-persistent:/var/named-persistent:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -165,6 +165,7 @@ outputs:
file:
path: /var/log/containers/designate
state: directory
setype: svirt_sandbox_file_t
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt
@ -176,3 +177,4 @@ outputs:
file:
path: /var/named-persistent
state: directory
setype: svirt_sandbox_file_t

17
docker/services/ec2-api.yaml
View File

@ -128,10 +128,10 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
# mount ec2_api_metadata to "ec2api-metadata" only here to fix
# permissions of both directories in one go
- /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata
- /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata:z
command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata']
step_3:
ec2_api_db_sync:
@ -146,7 +146,7 @@ outputs:
-
- /var/lib/config-data/ec2_api/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'"
step_4:
map_merge:
@ -161,7 +161,7 @@ outputs:
-
- /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api:/var/log/ec2api
- /var/log/containers/ec2_api:/var/log/ec2api:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ec2_api_metadata:
@ -175,7 +175,7 @@ outputs:
-
- /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ec2_api_metadata:/var/log/ec2api
- /var/log/containers/ec2_api_metadata:/var/log/ec2api:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
@ -199,11 +199,12 @@ outputs:
host_prep_tasks:
- name: create persistent log directories
file:
path: /var/log/containers/{{ item }}
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- ec2_api
- ec2_api_metadata
- { 'path': /var/log/containers/ec2_api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ec2_api_metadata, 'setype': svirt_sandbox_file_t }
- name: ec2_api logs readme
copy:
dest: /var/log/{{ item }}/readme.txt

7
docker/services/fluentd.yaml
View File

@ -90,17 +90,18 @@ outputs:
privileged: true
user: root
restart: always
security_opt: 'label=disable'
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/cache/containers/fluentd:/var/cache/fluentd:rw
- /var/cache/containers/fluentd:/var/cache/fluentd:rw,z
- /var/lib/kolla/config_files/fluentd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/fluentd/:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:ro
- /var/log/containers/fluentd:/var/log/fluentd:rw
- /var/log/containers/fluentd:/var/log/fluentd:rw,z
- /etc/rsyslog.d:/etc/rsyslog.d:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@ -109,6 +110,7 @@ outputs:
file:
path: /var/log/containers/fluentd
state: directory
setype: svirt_sandbox_file_t
- name: fluentd logs readme
copy:
dest: /var/log/fluentd/readme.txt
@ -120,6 +122,7 @@ outputs:
file:
path: /var/cache/containers/fluentd
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks:
- when: step|int == 0
tags: common

23
docker/services/gnocchi-api.yaml
View File

@ -155,8 +155,8 @@ outputs:
user: root
volumes:
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
command:
- '/bin/bash'
- '-c'
@ -178,10 +178,10 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_db_sync.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
@ -198,12 +198,12 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /var/log/containers/httpd/gnocchi-api:/var/log/httpd:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
@ -218,7 +218,7 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
- name: create persistent data and logs directory
file:
path: "{{ item.path }}"
state: directory
@ -226,6 +226,7 @@ outputs:
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t }
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme
copy:
dest: /var/log/gnocchi/readme.txt

9
docker/services/gnocchi-metricd.yaml
View File

@ -132,8 +132,8 @@ outputs:
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -149,6 +149,11 @@ outputs:
Log files from gnocchi containers can be found under
/var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api.
ignore_errors: true
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph

9
docker/services/gnocchi-statsd.yaml
View File

@ -132,8 +132,8 @@ outputs:
- /var/log/containers/gnocchi:/var/log/gnocchi:z
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
- str_replace:
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}}
template: GNOCCHI_FILE_BASE_PATH:GNOCCHI_FILE_BASE_PATH:SE_FLAGS
params: {GNOCCHI_FILE_BASE_PATH: {get_param: GnocchiFileBasePath}, SE_FLAGS: 'shared,z'}
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -149,6 +149,11 @@ outputs:
Log files from gnocchi containers can be found under
/var/log/containers/gnocchi and /var/log/containers/httpd/gnocchi-api.
ignore_errors: true
- name: create persistent data directory
file:
path: {get_param: GnocchiFileBasePath}
state: directory
setype: svirt_sandbox_file_t
- name: ensure ceph configurations exist
file:
path: /etc/ceph

8
docker/services/horizon.yaml
View File

@ -113,8 +113,8 @@ outputs:
# http://paste.openstack.org/show/609819/
command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- /var/log/containers/horizon:/var/log/horizon:z
- /var/log/containers/httpd/horizon:/var/log/httpd:z
- /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
step_3:
horizon:
@ -128,8 +128,8 @@ outputs:
-
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- /var/log/containers/horizon:/var/log/horizon:z
- /var/log/containers/httpd/horizon:/var/log/httpd:z
- /var/www/:/var/www/:ro
-
if:

8
docker/services/ironic-api.yaml
View File

@ -115,8 +115,8 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
ironic_api:
@ -133,8 +133,8 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-api:/var/log/httpd
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

18
docker/services/ironic-inspector.yaml
View File

@ -128,7 +128,7 @@ outputs:
get_param: DockerIronicInspectorImage
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
@ -136,7 +136,7 @@ outputs:
image: *ironic_inspector_image
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
@ -151,7 +151,7 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
@ -167,7 +167,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command:
@ -195,9 +195,9 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic:shared
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/lib/ironic:/var/lib/ironic:shared,z
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_inspector_dnsmasq:
@ -215,8 +215,8 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

8
docker/services/ironic-pxe.yaml
View File

@ -132,7 +132,7 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/:z
- /var/lib/ironic:/var/lib/ironic/:shared,z
- /dev/log:/dev/log
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd:z
@ -150,9 +150,9 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic/:shared
- /var/log/containers/ironic:/var/log/ironic
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd
- /var/lib/ironic:/var/lib/ironic/:shared,z
- /var/log/containers/ironic:/var/log/ironic:z
- /var/log/containers/httpd/ironic-pxe:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

11
docker/services/logging/files/barbican-api.yaml
View File

@ -18,8 +18,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &barbican_api_volumes
- /var/log/containers/barbican:/var/log/barbican
- /var/log/containers/httpd/barbican-api:/var/log/httpd
- /var/log/containers/barbican:/var/log/barbican:z
- /var/log/containers/httpd/barbican-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -34,11 +34,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/barbican
- /var/log/containers/httpd/barbican-api
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t }
- name: barbican logs readme
copy:
dest: /var/log/barbican/readme.txt

2
docker/services/logging/files/glance-api.yaml
View File

@ -15,7 +15,7 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &glance_api_volumes
- /var/log/containers/glance:/var/log/glance
- /var/log/containers/glance:/var/log/glance:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:

11
docker/services/logging/files/heat-api-cfn.yaml
View File

@ -14,18 +14,19 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api-cfn:/var/log/httpd
- /var/log/containers/heat:/var/log/heat:z
- /var/log/containers/httpd/heat-api-cfn:/var/log/httpd:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api-cfn
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t }
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

11
docker/services/logging/files/heat-api.yaml
View File

@ -14,18 +14,19 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/httpd/heat-api:/var/log/httpd
- /var/log/containers/heat:/var/log/heat:z
- /var/log/containers/httpd/heat-api:/var/log/httpd:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/heat
- /var/log/containers/httpd/heat-api
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t }
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

5
docker/services/logging/files/heat-engine.yaml
View File

@ -24,12 +24,12 @@ outputs:
image: {get_param: DockerHeatEngineImage}
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/heat:/var/log/heat:z
command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/heat:/var/log/heat
- /var/log/containers/heat:/var/log/heat:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
@ -37,6 +37,7 @@ outputs:
file:
path: /var/log/containers/heat
state: directory
setype: svirt_sandbox_file_t
- name: heat logs readme
copy:
dest: /var/log/heat/readme.txt

4
docker/services/logging/files/keystone.yaml
View File

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &keystone_volumes
- /var/log/containers/keystone:/var/log/keystone
- /var/log/containers/httpd/keystone:/var/log/httpd
- /var/log/containers/keystone:/var/log/keystone:z
- /var/log/containers/httpd/keystone:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:

11
docker/services/logging/files/neutron-api.yaml
View File

@ -25,8 +25,8 @@ outputs:
volumes:
description: extra volumes
value: &neutron_api_volumes
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/httpd/neutron-api:/var/log/httpd
- /var/log/containers/neutron:/var/log/neutron:z
- /var/log/containers/httpd/neutron-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -43,11 +43,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/neutron
- /var/log/containers/httpd/neutron-api
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t }
- name: neutron logs readme
copy:
dest: /var/log/neutron/readme.txt

7
docker/services/logging/files/neutron-common.yaml
View File

@ -26,16 +26,17 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/neutron:/var/log/neutron
- /var/log/containers/neutron:/var/log/neutron:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/neutron
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- name: neutron logs readme
copy:
dest: /var/log/neutron/readme.txt

3
docker/services/logging/files/nova-common.yaml
View File

@ -44,7 +44,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/nova:/var/log/nova:z
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
- keys:
CONTAINERNAME: {get_attr: [InitLogContainerName, value]}
@ -55,6 +55,7 @@ outputs:
file:
path: /var/log/containers/nova
state: directory
setype: svirt_sandbox_file_t
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/nova-metadata.yaml
View File

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &nova_metadata_volumes
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/httpd/nova-metadata:/var/log/httpd
- /var/log/containers/nova:/var/log/nova:z
- /var/log/containers/httpd/nova-metadata:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -32,11 +32,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/nova
- /var/log/containers/httpd/nova-metadata
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t }
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/nova-placement.yaml
View File

@ -15,8 +15,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &nova_placement_volumes
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/httpd/nova-placement:/var/log/httpd
- /var/log/containers/nova:/var/log/nova:z
- /var/log/containers/httpd/nova-placement:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -32,11 +32,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/nova
- /var/log/containers/httpd/nova-placement
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-placement, 'setype': svirt_sandbox_file_t }
- name: nova logs readme
copy:
dest: /var/log/nova/readme.txt

11
docker/services/logging/files/opendaylight-api.yaml
View File

@ -13,20 +13,21 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value:
- /var/log/containers/opendaylight/karaf/logs:/opt/opendaylight/data/log
- /var/log/containers/opendaylight/karaf/logs:/opt/opendaylight/data/log:z
host_prep_tasks:
description: Extra ansible tasks needed for logging to files in the host.
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/opendaylight/karaf/logs
- /var/log/opendaylight
- { 'path': /var/log/containers/opendaylight/karaf/logs, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/opendaylight, 'setype': svirt_sandbox_file_t }
- name: opendaylight logs readme
copy:
dest: /var/log/opendaylight/readme.txt
content: |
Logs from OpenDaylight container can be found at /var/log/containers/opendaylight/karaf/logs/karaf.log
ignore_errors: true
ignore_errors: true

11
docker/services/logging/files/panko-api.yaml
View File

@ -18,8 +18,8 @@ outputs:
volumes:
description: The volumes needed to log to files in the host.
value: &panko_api_volumes
- /var/log/containers/panko:/var/log/panko
- /var/log/containers/httpd/panko-api:/var/log/httpd
- /var/log/containers/panko:/var/log/panko:z
- /var/log/containers/httpd/panko-api:/var/log/httpd:z
docker_config:
description: Extra containers needed for logging to files in the host.
value:
@ -34,11 +34,12 @@ outputs:
value:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/panko
- /var/log/containers/httpd/panko-api
- { 'path': /var/log/containers/panko, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/panko-api, 'setype': svirt_sandbox_file_t }
- name: panko logs readme
copy:
dest: /var/log/panko/readme.txt

19
docker/services/manila-api.yaml
View File

@ -88,8 +88,8 @@ outputs:
image: &manila_api_image {get_param: DockerManilaApiImage}
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_3:
manila_api_db_sync:
@ -103,8 +103,8 @@ outputs:
-
- /var/lib/config-data/manila/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
manila_api:
@ -117,18 +117,19 @@ outputs:
-
- /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/httpd/manila-api:/var/log/httpd
- /var/log/containers/manila:/var/log/manila:z
- /var/log/containers/httpd/manila-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: Create persistent manila logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/manila
- /var/log/containers/httpd/manila-api
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

4
docker/services/manila-common.yaml
View File

@ -62,8 +62,8 @@ outputs:
- /run/:/run/
- /sys:/sys
- /lib/modules:/lib/modules:ro
- /var/lib/manila:/var/lib/manila
- /var/log/containers/manila:/var/log/manila
- /var/lib/manila:/var/lib/manila:z
- /var/log/containers/manila:/var/log/manila:z
- if:
- cephfs_nfs_enabled
-

3
docker/services/manila-scheduler.yaml
View File

@ -103,7 +103,7 @@ outputs:
-
- /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/manila:/var/log/manila:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -111,6 +111,7 @@ outputs:
file:
path: /var/log/containers/manila
state: directory
setype: svirt_sandbox_file_t
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

7
docker/services/manila-share.yaml
View File

@ -122,11 +122,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/manila
- /var/lib/manila
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

8
docker/services/messaging/notify-rabbitmq.yaml
View File

@ -141,7 +141,7 @@ outputs:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -181,8 +181,8 @@ outputs:
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -205,7 +205,7 @@ outputs:
config_image: *rabbitmq_config_image
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:

13
docker/services/messaging/rpc-qdrouterd.yaml
View File

@ -95,7 +95,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
qdrouterd:
start_order: 1
@ -110,17 +110,18 @@ outputs:
-
- /var/lib/kolla/config_files/qdrouterd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/qdrouterd/:/var/lib/kolla/config_files/src:ro
- /var/lib/qdrouterd:/var/lib/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/lib/qdrouterd:/var/lib/qdrouterd:z
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/qdrouterd
- /var/lib/qdrouterd
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
metadata_settings:
get_attr: [QdrouterdBase, role_data, metadata_settings]

8
docker/services/messaging/rpc-rabbitmq.yaml
View File

@ -141,7 +141,7 @@ outputs:
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -181,8 +181,8 @@ outputs:
-
- /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
- /var/log/containers/rabbitmq:/var/log/rabbitmq:z
- if:
- internal_tls_enabled
-
@ -205,7 +205,7 @@ outputs:
config_image: *rabbitmq_config_image
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:

3
docker/services/metrics/collectd.yaml
View File

@ -107,7 +107,7 @@ outputs:
-
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/collectd:/var/log/collectd:rw
- /var/log/containers/collectd:/var/log/collectd:rw,z
- /var/run/openvswitch:/var/run/openvswitch:ro
- /var/run/ceph:/var/run/ceph:ro
- /var/run/libvirt:/var/run/libvirt:ro
@ -118,6 +118,7 @@ outputs:
file:
path: /var/log/containers/collectd
state: directory
setype: svirt_sandbox_file_t
- name: collectd logs readme
copy:
dest: /var/log/collectd/readme.txt

13
docker/services/metrics/qdr.yaml
View File

@ -184,7 +184,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/metrics-qdr:/var/log/qdrouterd
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
metrics_qdr:
start_order: 1
@ -199,18 +199,19 @@ outputs:
-
- /var/lib/kolla/config_files/metrics-qdr.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/metrics-qdr/:/var/lib/kolla/config_files/src:ro
- /var/lib/metrics-qdr:/var/lib/qdrouterd
- /var/log/containers/metrics-qdr:/var/log/qdrouterd
- /var/lib/metrics-qdr:/var/lib/qdrouterd:z
- /var/log/containers/metrics-qdr:/var/log/qdrouterd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/metrics-qdr
- /var/lib/metrics-qdr
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme
copy:
dest: /var/log/qrouterd/readme-metrics.txt

6
docker/services/mistral-api.yaml
View File

@ -113,7 +113,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
step_4:
mistral_api:
@ -130,7 +130,7 @@ outputs:
-
- /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_5:
@ -146,7 +146,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
- /var/log/containers/mistral:/var/log/mistral:z
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf populate'"

11
docker/services/neutron-dhcp.yaml
View File

@ -194,8 +194,8 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:z
- /var/lib/neutron:/var/lib/neutron:z
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
neutron_dhcp:
start_order: 10
@ -204,6 +204,7 @@ outputs:
pid: host
privileged: true
restart: always
security_opt: 'label=disable'
healthcheck:
test:
list_join:
@ -222,9 +223,9 @@ outputs:
- /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
- /run/netns:/run/netns:shared
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared,z
-
if:
- docker_enabled

10
docker/services/neutron-l3.yaml
View File

@ -193,8 +193,8 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:z
- /var/lib/neutron:/var/lib/neutron:z
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
neutron_l3_agent:
start_order: 10
@ -221,9 +221,9 @@ outputs:
- /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
- /run/netns:/run/netns:shared
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared,z
-
if:
- docker_enabled

2
docker/services/neutron-metadata.yaml
View File

@ -130,7 +130,7 @@ outputs:
- /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /var/lib/neutron:/var/lib/neutron:z
- /var/lib/neutron:/var/lib/neutron:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:

10
docker/services/neutron-ovs-agent.yaml
View File

@ -100,7 +100,7 @@ outputs:
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:z
- /run/openvswitch:/run/openvswitch:shared,z
kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /neutron_ovs_agent_launcher.sh
@ -130,6 +130,7 @@ outputs:
pid: host
user: root
privileged: true
security_opt: 'label=disable'
command:
- puppet
- apply
@ -147,10 +148,10 @@ outputs:
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
- /etc/puppet:/etc/puppet:ro
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- /var/run/openvswitch/:/var/run/openvswitch/
- /var/run/openvswitch/:/var/run/openvswitch/:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
@ -160,6 +161,7 @@ outputs:
net: host
pid: host
privileged: true
security_opt: 'label=disable'
restart: always
healthcheck:
test:
@ -180,7 +182,7 @@ outputs:
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:

2
docker/services/nova-compute.yaml
View File

@ -228,7 +228,7 @@ outputs:
- /lib/modules:/lib/modules:ro
- /run:/run
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/libvirt:/var/lib/libvirt
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /sys/class/net:/sys/class/net
- /sys/bus/pci:/sys/bus/pci
environment:

4
docker/services/nova-ironic.yaml
View File

@ -110,7 +110,7 @@ outputs:
privileged: false
detach: false
volumes:
- /var/lib/nova:/var/lib/nova:z
- /var/lib/nova:/var/lib/nova:shared,z
- /var/lib/docker-config-scripts/:/docker-config-scripts/
command: "/docker-config-scripts/nova_statedir_ownership.py"
step_5:
@ -139,7 +139,7 @@ outputs:
- /run:/run
- /dev:/dev
- /var/lib/nova/:/var/lib/nova:shared,z
- /var/log/containers/nova:/var/log/nova
- /var/log/containers/nova:/var/log/nova:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:

12
docker/services/nova-libvirt.yaml
View File

@ -340,11 +340,11 @@ outputs:
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova:shared,z
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/containers/libvirt:/var/log/libvirt
- /var/run/libvirt:/var/run/libvirt:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
- /var/log/containers/libvirt:/var/log/libvirt:z
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
- /var/lib/vhost_sockets:/var/lib/vhost_sockets
- /var/lib/vhost_sockets:/var/lib/vhost_sockets:z
- /sys/fs/selinux:/sys/fs/selinux
-
if:
@ -403,8 +403,8 @@ outputs:
-
- /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro
- /etc/libvirt:/etc/libvirt
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /var/run/libvirt:/var/run/libvirt:shared,z
- /var/lib/libvirt:/var/lib/libvirt:shared,z
command:
- /bin/bash
- -c

19
docker/services/octavia-api.yaml
View File

@ -125,8 +125,8 @@ outputs:
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
- /var/log/containers/octavia:/var/log/octavia:z
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia']
step_3:
octavia_db_sync:
@ -142,8 +142,8 @@ outputs:
-
- /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro
- /var/lib/config-data/octavia/etc/my.cnf.d/:/etc/my.cnf.d/:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
- /var/log/containers/octavia:/var/log/octavia:z
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'"
step_4:
map_merge:
@ -161,8 +161,8 @@ outputs:
-
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/httpd/octavia-api:/var/log/httpd
- /var/log/containers/octavia:/var/log/octavia:z
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
@ -187,11 +187,12 @@ outputs:
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/octavia
- /var/log/containers/httpd/octavia-api
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:
dest: /var/log/octavia/readme.txt

5
docker/services/octavia-health-manager.yaml
View File

@ -106,7 +106,7 @@ outputs:
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager']
step_4:
octavia_health_manager:
@ -123,7 +123,7 @@ outputs:
-
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/octavia:/var/log/octavia:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -131,6 +131,7 @@ outputs:
file:
path: /var/log/containers/octavia
state: directory
setype: svirt_sandbox_file_t
- name: octavia logs readme
copy:
dest: /var/log/octavia/readme.txt

5
docker/services/octavia-housekeeping.yaml
View File

@ -102,7 +102,7 @@ outputs:
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping']
step_4:
octavia_housekeeping:
@ -119,7 +119,7 @@ outputs:
-
- /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/octavia:/var/log/octavia:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -127,6 +127,7 @@ outputs:
file:
path: /var/log/containers/octavia
state: directory
setype: svirt_sandbox_file_t
- name: octavia logs readme
copy:
dest: /var/log/octavia/readme.txt

5
docker/services/octavia-worker.yaml
View File

@ -109,7 +109,7 @@ outputs:
# missing here because we use the same config_volume for all
# octavia services, hence the same container image to generate
# configuration.
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/
- /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/:z
command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker']
step_4:
octavia_worker:
@ -133,7 +133,7 @@ outputs:
-
- /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia
- /var/log/containers/octavia:/var/log/octavia:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
@ -150,6 +150,7 @@ outputs:
file:
path: /var/log/containers/octavia
state: directory
setype: svirt_sandbox_file_t
- name: octavia logs readme
copy:
dest: /var/log/octavia/readme.txt

7
docker/services/ovn-controller.yaml
View File

@ -75,7 +75,7 @@ outputs:
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
kolla_config:
/var/lib/kolla/config_files/ovn_controller.json:
command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
@ -98,7 +98,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
ovn_controller:
start_order: 1
image: *ovn_controller_image
@ -122,7 +122,7 @@ outputs:
# openvswitch systemd script is fixed to not delete /run/openvswitch
# folder in the host when openvswitch service is stopped.
- /run:/run
- /var/log/containers/openvswitch:/var/log/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@ -130,6 +130,7 @@ outputs:
file:
path: /var/log/containers/openvswitch
state: directory
setype: svirt_sandbox_file_t
- name: openvswitch logs readme
copy:
dest: /var/log/openvswitch/readme.txt

23
docker/services/ovn-dbs.yaml
View File

@ -139,9 +139,9 @@ outputs:
-
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
- /var/log/containers/openvswitch:/var/log/openvswitch:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ovn_south_db_server:
@ -156,9 +156,9 @@ outputs:
-
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
- /var/log/containers/openvswitch:/var/log/openvswitch:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
configure_ovn_north_db_server:
@ -185,18 +185,19 @@ outputs:
-
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
- /var/log/containers/openvswitch:/var/log/openvswitch:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- name: openvswitch logs readme
copy:
dest: /var/log/openvswitch/readme.txt

15
docker/services/ovn-metadata.yaml
View File

@ -111,7 +111,7 @@ outputs:
config_image: {get_param: DockerNeutronConfigImage}
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
kolla_config:
/var/lib/kolla/config_files/ovn_metadata_agent.json:
command:
@ -152,8 +152,8 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
setup_ovs_manager:
start_order: 0
@ -172,7 +172,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /run/openvswitch:/run/openvswitch:shared,z
ovn_metadata_agent:
start_order: 1
image: {get_param: DockerOvnMetadataImage}
@ -190,9 +190,9 @@ outputs:
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
- /run/netns:/run/netns:shared
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared,z
-
if:
- docker_enabled
@ -214,6 +214,7 @@ outputs:
file:
path: /var/lib/neutron
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks:
- when: step|int == 0
tags: common

9
docker/services/pacemaker/cinder-backup.yaml
View File

@ -165,7 +165,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/cinder:/var/log/cinder
- /var/log/containers/cinder:/var/log/cinder:z
command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
step_5:
cinder_backup_restart_bundle:
@ -221,11 +221,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/cinder
- /var/log/containers/cinder
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:
dest: /var/log/cinder/readme.txt

9
docker/services/pacemaker/database/redis.yaml
View File

@ -263,12 +263,13 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/redis
- /var/log/containers/redis
- /var/run/redis
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
- name: redis logs readme
copy:
dest: /var/log/redis/readme.txt

9
docker/services/pacemaker/manila-share.yaml
View File

@ -132,7 +132,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/manila:/var/log/manila
- /var/log/containers/manila:/var/log/manila:z
command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
step_5:
manila_share_restart_bundle:
@ -188,11 +188,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/manila
- /var/lib/manila
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:
dest: /var/log/manila/readme.txt

9
docker/services/pacemaker/notify-rabbitmq.yaml
View File

@ -157,7 +157,7 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@ -227,11 +227,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/rabbitmq
- /var/log/containers/rabbitmq
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:
dest: /var/log/rabbitmq/readme.txt

7
docker/services/pacemaker/ovn-dbs.yaml
View File

@ -174,11 +174,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- name: openvswitch logs readme
copy:
dest: /var/log/openvswitch/readme.txt

9
docker/services/pacemaker/rabbitmq.yaml
View File

@ -156,7 +156,7 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@ -226,11 +226,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/rabbitmq
- /var/log/containers/rabbitmq
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:
dest: /var/log/rabbitmq/readme.txt

9
docker/services/pacemaker/rpc-rabbitmq.yaml
View File

@ -157,7 +157,7 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/lib/rabbitmq:/var/lib/rabbitmq:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@ -229,11 +229,12 @@ outputs:
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/lib/rabbitmq
- /var/log/containers/rabbitmq
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:
dest: /var/log/rabbitmq/readme.txt

13
docker/services/qdrouterd.yaml
View File

@ -87,7 +87,7 @@ outputs:
privileged: false
user: root
volumes:
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
command: ['/bin/bash', '-c', 'chown -R qdrouterd:qdrouterd /var/log/qdrouterd']
qdrouterd:
start_order: 1
@ -102,18 +102,19 @@ outputs:
-
- /var/lib/kolla/config_files/qdrouterd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/qdrouterd/:/var/lib/kolla/config_files/src:ro
- /var/lib/qdrouterd:/var/lib/qdrouterd
- /var/log/containers/qdrouterd:/var/log/qdrouterd
- /var/lib/qdrouterd:/var/lib/qdrouterd:z
- /var/log/containers/qdrouterd:/var/log/qdrouterd:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory
file:
path: "{{ item }}"
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- /var/log/containers/qdrouterd
- /var/lib/qdrouterd
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme
copy:
dest: /var/log/qrouterd/readme.txt