Allow to run docker-puppet.py with SELinux enabled

In docker-puppet.py script we try to relable
/usr/share/openstack-puppet/modules by adding ":z" suffix
in the end.

Unfortunatelly this operation is not allowed in docker with
enabled SELinux. Docker's error message is:

Error response from daemon: error setting label on mount source
'/usr/share/openstack-puppet/modules': SELinux relabeling of
/usr/share/openstack-puppet/modules is not allowed:
"Relabeling content in /usr is not allowed.".

It leads to the fact that during the configuration the jobs fails
with "Permission denied - /usr/share/openstack-puppet/modules"

There is no need to relable that folder since it's read-only.
After removing ":z" it is possible to deploy the overcloud with
enabled SELinux.

Closes-Bug: #1807680

Change-Id: I11c7c5e9594fe0cdb2a114f81033651e411c9e3c

docker/docker-puppet.py

@@ -64,7 +64,7 @@ if not os.path.exists(config_volume_prefix):
     os.makedirs(config_volume_prefix)
 
 if container_cli == 'docker':
-    cli_dcmd = ['--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro,z']
+    cli_dcmd = ['--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro']
     env = {}
     # FIXME: add log=log once we have paunch 4.0.1 in Pypi and promoted in RDO
     RUNNER = containers_runner.DockerRunner(
@@ -88,11 +88,7 @@ else:
 # puppet modules but our containers now also include puppet-tripleo so we
 # could use either
 if os.environ.get('MOUNT_HOST_PUPPET', 'true') == 'true':
-    if container_cli == 'docker':
+    cli_dcmd.extend(['--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro'])
-        cli_dcmd.extend(['--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro,z'])
-    elif container_cli == 'podman':
-        cli_dcmd.extend(['--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro'])
-
 
 # this is to match what we do in deployed-server
 def short_hostname():