Ensure service log folder permissions

We should ensure that the service folders are 0750. We're setting
/var/log/containers but we should also ensure the service folders also
have the correct permissions.

Change-Id: I28e8017edc7e30a60288adf846da722fd6ab310e
This commit is contained in:
Alex Schultz 2019-11-04 08:48:24 -07:00
parent b851cd611b
commit f2147c9974
79 changed files with 99 additions and 99 deletions

View File

@ -221,8 +221,8 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t }
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, setype: svirt_sandbox_file_t }
- name: aodh logs readme
copy:

View File

@ -114,7 +114,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
- name: aodh logs readme
copy:

View File

@ -114,7 +114,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
- name: aodh logs readme
copy:

View File

@ -114,7 +114,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t }
- name: aodh logs readme
copy:

View File

@ -151,7 +151,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: ceilometer logs readme
copy:
dest: /var/log/ceilometer/readme.txt

View File

@ -119,7 +119,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t }
- name: ceilometer logs readme
copy:

View File

@ -137,7 +137,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t }
- name: ceilometer logs readme
copy:

View File

@ -124,7 +124,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t }
- name: ceilometer logs readme
copy:

View File

@ -341,8 +341,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:

View File

@ -72,7 +72,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme

View File

@ -135,7 +135,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t }
- name: cinder logs readme
copy:

View File

@ -241,9 +241,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- name: mysql logs readme
copy:
dest: /var/log/mariadb/readme.txt

View File

@ -301,9 +301,9 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'}
- {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'}
- name: mysql logs readme
copy:
dest: /var/log/mariadb/readme.txt

View File

@ -219,7 +219,7 @@ outputs:
path: "{{ item.path }}"
state: directory
with_items:
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t }
- name: ensure /var/run/redis is present upon reboot

View File

@ -278,7 +278,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t }
- name: ensure /var/run/redis is present upon reboot

View File

@ -160,7 +160,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- name: designate logs readme
copy:

View File

@ -210,7 +210,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- name: designate logs readme
copy:

View File

@ -177,7 +177,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

View File

@ -134,7 +134,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

View File

@ -126,7 +126,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

View File

@ -227,7 +227,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: designate logs readme
copy:
dest: /var/log/designate/readme.txt

View File

@ -37,7 +37,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/glance, 'setype': svirt_sandbox_file_t }
- name: glance logs readme
copy:

View File

@ -354,8 +354,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme

View File

@ -159,7 +159,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme
copy:

View File

@ -153,7 +153,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t }
- name: gnocchi logs readme
copy:

View File

@ -372,7 +372,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme

View File

@ -300,7 +300,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
metadata_settings:

View File

@ -319,8 +319,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/www, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/horizon, 'setype': svirt_sandbox_file_t }
- name: horizon logs readme

View File

@ -267,8 +267,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme
copy:

View File

@ -554,7 +554,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme

View File

@ -479,7 +479,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ironic-inspector, 'setype': svirt_sandbox_file_t }
- name: ironic-inspector logs readme
copy:

View File

@ -154,8 +154,8 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme
copy:

View File

@ -149,7 +149,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/keepalived, 'setype': svirt_sandbox_file_t }
- name: keepalived logs readme
copy:

View File

@ -39,8 +39,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/barbican, 'setype': var_log_t }
- name: barbican logs readme
copy:

View File

@ -25,8 +25,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/heat, 'setype': var_log_t }
- name: heat logs readme
copy:

View File

@ -25,8 +25,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/heat, 'setype': var_log_t }
- name: heat logs readme
copy:

View File

@ -40,7 +40,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/heat, 'setype': var_log_t }
- name: heat logs readme
copy:

View File

@ -40,8 +40,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/keystone, 'setype': var_log_t }
- name: keystone logs readme
copy:

View File

@ -48,8 +48,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/neutron, 'setype': var_log_t }
- name: neutron logs readme
copy:

View File

@ -36,8 +36,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/neutron, 'setype': var_log_t }
- { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/neutron, 'setype': var_log_t, 'mode': '0750' }
- name: neutron logs readme
copy:
dest: /var/log/neutron/readme.txt

View File

@ -48,8 +48,8 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/nova, 'setype': var_log_t }
- name: nova logs readme
copy:

View File

@ -68,7 +68,7 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/nova, 'setype': var_log_t }
- name: nova logs readme
copy:

View File

@ -38,7 +38,7 @@ outputs:
setype: "{{ item.setype }}"
state: directory
with_items:
- { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- name: libvirt logs readme
copy:
dest: /var/log/libvirt/readme.txt

View File

@ -37,8 +37,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/nova, 'setype': var_log_t }
- name: nova logs readme
copy:

View File

@ -37,8 +37,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/placement, 'setype': var_log_t }
- name: Placement logs readme
copy:

View File

@ -221,6 +221,7 @@ outputs:
path: /var/log/containers/rsyslog
state: directory
setype: svirt_sandbox_file_t
mode: '0750'
- name: create persistent state directory for rsyslog
file:
path: /var/lib/rsyslog.container

View File

@ -241,8 +241,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:

View File

@ -109,7 +109,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme
copy:

View File

@ -164,7 +164,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme

View File

@ -189,7 +189,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t }
- name: manila logs readme

View File

@ -150,7 +150,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
metadata_settings: {}
post_upgrade_tasks:

View File

@ -643,7 +643,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/collectd, 'setype': svirt_sandbox_file_t }
- name: collectd logs readme
copy:

View File

@ -297,7 +297,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme
copy:

View File

@ -222,7 +222,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:

View File

@ -138,7 +138,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:

View File

@ -113,7 +113,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: mistral logs readme
copy:

View File

@ -219,7 +219,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t }
- name: create mistral/.ssh directory

View File

@ -221,7 +221,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/nova, 'setype': svirt_sandbox_file_t }
- name: nova logs readme

View File

@ -241,7 +241,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/novajoin, 'setype': svirt_sandbox_file_t }
- name: novajoin logs readme
copy:

View File

@ -296,8 +296,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:

View File

@ -154,7 +154,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:

View File

@ -153,7 +153,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:

View File

@ -140,7 +140,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t }
- name: octavia logs readme
copy:

View File

@ -273,7 +273,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
- name: openvswitch logs readme
copy:

View File

@ -207,7 +207,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
- name: openvswitch logs readme

View File

@ -240,7 +240,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t }
- name: openvswitch logs readme

View File

@ -139,7 +139,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/qdrouterd, 'setype': svirt_sandbox_file_t }
- name: qrouterd logs readme

View File

@ -348,7 +348,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme

View File

@ -293,7 +293,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme

View File

@ -233,7 +233,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:

View File

@ -233,7 +233,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:

View File

@ -293,7 +293,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme

View File

@ -241,7 +241,7 @@ outputs:
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t }
- name: rabbitmq logs readme
copy:

View File

@ -198,7 +198,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t }
- name: sahara logs readme

View File

@ -127,7 +127,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t }
- name: sahara logs readme

View File

@ -437,7 +437,7 @@ outputs:
with_items:
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
deploy_steps_tasks:
- name: Configure rsyslog for swift-proxy
when: step|int == 1

View File

@ -588,9 +588,8 @@ outputs:
with_items:
- { 'path': /srv/node, 'setype': svirt_sandbox_file_t }
- { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/swift, 'setype': var_log_t }
- { 'path': /var/log/containers, 'setype': svirt_sandbox_file_t }
- name: Set swift_use_local_disks fact
set_fact:
swift_use_local_disks: {get_param: SwiftUseLocalDir}

View File

@ -59,7 +59,7 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/tempest, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t }

View File

@ -370,8 +370,8 @@ outputs:
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' }
- { 'path': /var/log/zaqar, 'setype': svirt_sandbox_file_t }
- name: zaqar logs readme
copy: