From f2147c9974c5e4d9fec91e87a2a42a7c0b8c9d5d Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Mon, 4 Nov 2019 08:48:24 -0700 Subject: [PATCH] Ensure service log folder permissions We should ensure that the service folders are 0750. We're setting /var/log/containers but we should also ensure the service folders also have the correct permissions. Change-Id: I28e8017edc7e30a60288adf846da722fd6ab310e --- deployment/aodh/aodh-api-container-puppet.yaml | 4 ++-- deployment/aodh/aodh-evaluator-container-puppet.yaml | 2 +- deployment/aodh/aodh-listener-container-puppet.yaml | 2 +- deployment/aodh/aodh-notifier-container-puppet.yaml | 2 +- .../ceilometer/ceilometer-agent-central-container-puppet.yaml | 2 +- .../ceilometer/ceilometer-agent-compute-container-puppet.yaml | 2 +- .../ceilometer/ceilometer-agent-ipmi-container-puppet.yaml | 2 +- .../ceilometer-agent-notification-container-puppet.yaml | 2 +- deployment/cinder/cinder-api-container-puppet.yaml | 4 ++-- deployment/cinder/cinder-common-container-puppet.yaml | 2 +- deployment/cinder/cinder-scheduler-container-puppet.yaml | 2 +- deployment/database/mysql-container-puppet.yaml | 4 ++-- deployment/database/mysql-pacemaker-puppet.yaml | 4 ++-- deployment/database/redis-container-puppet.yaml | 2 +- deployment/database/redis-pacemaker-puppet.yaml | 2 +- .../designate/designate-api-container-puppet.yaml | 2 +- .../designate/designate-central-container-puppet.yaml | 2 +- .../designate/designate-mdns-container-puppet.yaml | 2 +- .../designate/designate-producer-container-puppet.yaml | 2 +- .../designate/designate-sink-container-puppet.yaml | 2 +- .../designate/designate-worker-container-puppet.yaml | 2 +- deployment/glance/glance-api-logging-file-container.yaml | 2 +- deployment/gnocchi/gnocchi-api-container-puppet.yaml | 4 ++-- deployment/gnocchi/gnocchi-metricd-container-puppet.yaml | 2 +- deployment/gnocchi/gnocchi-statsd-container-puppet.yaml | 2 +- deployment/haproxy/haproxy-container-puppet.yaml | 2 +- deployment/haproxy/haproxy-pacemaker-puppet.yaml | 2 +- deployment/horizon/horizon-container-puppet.yaml | 4 ++-- deployment/ironic/ironic-api-container-puppet.yaml | 4 ++-- deployment/ironic/ironic-conductor-container-puppet.yaml | 2 +- deployment/ironic/ironic-inspector-container-puppet.yaml | 2 +- deployment/ironic/ironic-pxe-container-puppet.yaml | 4 ++-- deployment/keepalived/keepalived-container-puppet.yaml | 2 +- deployment/logging/files/barbican-api.yaml | 4 ++-- deployment/logging/files/heat-api-cfn.yaml | 4 ++-- deployment/logging/files/heat-api.yaml | 4 ++-- deployment/logging/files/heat-engine.yaml | 2 +- deployment/logging/files/keystone.yaml | 4 ++-- deployment/logging/files/neutron-api.yaml | 4 ++-- deployment/logging/files/neutron-common.yaml | 4 ++-- deployment/logging/files/nova-api.yaml | 4 ++-- deployment/logging/files/nova-common.yaml | 2 +- deployment/logging/files/nova-libvirt.yaml | 2 +- deployment/logging/files/nova-metadata.yaml | 4 ++-- deployment/logging/files/placement-api.yaml | 4 ++-- deployment/logging/rsyslog-container-puppet.yaml | 1 + deployment/manila/manila-api-container-puppet.yaml | 4 ++-- deployment/manila/manila-scheduler-container-puppet.yaml | 2 +- deployment/manila/manila-share-container-puppet.yaml | 2 +- deployment/manila/manila-share-pacemaker-puppet.yaml | 2 +- deployment/messaging/rpc-qdrouterd-container-puppet.yaml | 2 +- deployment/metrics/collectd-container-puppet.yaml | 2 +- deployment/metrics/qdr-container-puppet.yaml | 2 +- deployment/mistral/mistral-api-container-puppet.yaml | 2 +- deployment/mistral/mistral-engine-container-puppet.yaml | 2 +- deployment/mistral/mistral-event-engine-container-puppet.yaml | 2 +- deployment/mistral/mistral-executor-container-puppet.yaml | 2 +- deployment/nova/nova-ironic-container-puppet.yaml | 2 +- deployment/nova/novajoin-container-puppet.yaml | 2 +- deployment/octavia/octavia-api-container-puppet.yaml | 4 ++-- .../octavia/octavia-health-manager-container-puppet.yaml | 2 +- deployment/octavia/octavia-housekeeping-container-puppet.yaml | 2 +- deployment/octavia/octavia-worker-container-puppet.yaml | 2 +- deployment/ovn/ovn-controller-container-puppet.yaml | 2 +- deployment/ovn/ovn-dbs-container-puppet.yaml | 2 +- deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 2 +- deployment/qdr/qdrouterd-container-puppet.yaml | 2 +- deployment/rabbitmq/rabbitmq-container-puppet.yaml | 2 +- .../rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml | 2 +- .../rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml | 2 +- deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml | 2 +- .../rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml | 2 +- .../rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 2 +- deployment/sahara/sahara-api-container-puppet.yaml | 2 +- deployment/sahara/sahara-engine-container-puppet.yaml | 2 +- deployment/swift/swift-proxy-container-puppet.yaml | 2 +- deployment/swift/swift-storage-container-puppet.yaml | 3 +-- deployment/undercloud/tempest-container-puppet.yaml | 2 +- deployment/zaqar/zaqar-container-puppet.yaml | 4 ++-- 79 files changed, 99 insertions(+), 99 deletions(-) diff --git a/deployment/aodh/aodh-api-container-puppet.yaml b/deployment/aodh/aodh-api-container-puppet.yaml index e24795132c..aadab529bb 100644 --- a/deployment/aodh/aodh-api-container-puppet.yaml +++ b/deployment/aodh/aodh-api-container-puppet.yaml @@ -221,8 +221,8 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t } + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/aodh-api, setype: svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/aodh, setype: svirt_sandbox_file_t } - name: aodh logs readme copy: diff --git a/deployment/aodh/aodh-evaluator-container-puppet.yaml b/deployment/aodh/aodh-evaluator-container-puppet.yaml index db12e0289b..87e16d2a3e 100644 --- a/deployment/aodh/aodh-evaluator-container-puppet.yaml +++ b/deployment/aodh/aodh-evaluator-container-puppet.yaml @@ -114,7 +114,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - name: aodh logs readme copy: diff --git a/deployment/aodh/aodh-listener-container-puppet.yaml b/deployment/aodh/aodh-listener-container-puppet.yaml index 981707b533..35ef262d64 100644 --- a/deployment/aodh/aodh-listener-container-puppet.yaml +++ b/deployment/aodh/aodh-listener-container-puppet.yaml @@ -114,7 +114,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - name: aodh logs readme copy: diff --git a/deployment/aodh/aodh-notifier-container-puppet.yaml b/deployment/aodh/aodh-notifier-container-puppet.yaml index a3b42d8eec..11ce25ab9a 100644 --- a/deployment/aodh/aodh-notifier-container-puppet.yaml +++ b/deployment/aodh/aodh-notifier-container-puppet.yaml @@ -114,7 +114,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/aodh, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/aodh, 'setype': svirt_sandbox_file_t } - name: aodh logs readme copy: diff --git a/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml index bd92d63dbc..cb24299f4c 100644 --- a/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-central-container-puppet.yaml @@ -151,7 +151,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: ceilometer logs readme copy: dest: /var/log/ceilometer/readme.txt diff --git a/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml index b606ecfa06..bcbdf38685 100644 --- a/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-compute-container-puppet.yaml @@ -119,7 +119,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - name: ceilometer logs readme copy: diff --git a/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml index 4443e44d52..6134328bf3 100644 --- a/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-ipmi-container-puppet.yaml @@ -137,7 +137,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - name: ceilometer logs readme copy: diff --git a/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml b/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml index 2d20330b3e..2d7be0767d 100644 --- a/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml +++ b/deployment/ceilometer/ceilometer-agent-notification-container-puppet.yaml @@ -124,7 +124,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ceilometer, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ceilometer, 'setype': svirt_sandbox_file_t } - name: ceilometer logs readme copy: diff --git a/deployment/cinder/cinder-api-container-puppet.yaml b/deployment/cinder/cinder-api-container-puppet.yaml index 438498490b..90b15b0459 100644 --- a/deployment/cinder/cinder-api-container-puppet.yaml +++ b/deployment/cinder/cinder-api-container-puppet.yaml @@ -341,8 +341,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/cinder-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - name: cinder logs readme copy: diff --git a/deployment/cinder/cinder-common-container-puppet.yaml b/deployment/cinder/cinder-common-container-puppet.yaml index 58d4dc7cd0..2a269a0085 100644 --- a/deployment/cinder/cinder-common-container-puppet.yaml +++ b/deployment/cinder/cinder-common-container-puppet.yaml @@ -72,7 +72,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/cinder, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - name: cinder logs readme diff --git a/deployment/cinder/cinder-scheduler-container-puppet.yaml b/deployment/cinder/cinder-scheduler-container-puppet.yaml index daa78aa5a6..5a0e311fcf 100644 --- a/deployment/cinder/cinder-scheduler-container-puppet.yaml +++ b/deployment/cinder/cinder-scheduler-container-puppet.yaml @@ -135,7 +135,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/cinder, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/cinder, 'setype': svirt_sandbox_file_t } - name: cinder logs readme copy: diff --git a/deployment/database/mysql-container-puppet.yaml b/deployment/database/mysql-container-puppet.yaml index 228000088b..f060639b7a 100644 --- a/deployment/database/mysql-container-puppet.yaml +++ b/deployment/database/mysql-container-puppet.yaml @@ -241,9 +241,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'} - - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - name: mysql logs readme copy: dest: /var/log/mariadb/readme.txt diff --git a/deployment/database/mysql-pacemaker-puppet.yaml b/deployment/database/mysql-pacemaker-puppet.yaml index 059449fda6..f97eba5751 100644 --- a/deployment/database/mysql-pacemaker-puppet.yaml +++ b/deployment/database/mysql-pacemaker-puppet.yaml @@ -301,9 +301,9 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/containers/mysql, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - {'path': /var/lib/mysql, 'setype': 'svirt_sandbox_file_t'} - - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t'} + - {'path': /var/log/mariadb, 'setype': 'svirt_sandbox_file_t', 'mode': '0750'} - name: mysql logs readme copy: dest: /var/log/mariadb/readme.txt diff --git a/deployment/database/redis-container-puppet.yaml b/deployment/database/redis-container-puppet.yaml index 6a6e97632e..d286d0c428 100644 --- a/deployment/database/redis-container-puppet.yaml +++ b/deployment/database/redis-container-puppet.yaml @@ -219,7 +219,7 @@ outputs: path: "{{ item.path }}" state: directory with_items: - - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t } - name: ensure /var/run/redis is present upon reboot diff --git a/deployment/database/redis-pacemaker-puppet.yaml b/deployment/database/redis-pacemaker-puppet.yaml index d30aa921a3..4d44d750e9 100644 --- a/deployment/database/redis-pacemaker-puppet.yaml +++ b/deployment/database/redis-pacemaker-puppet.yaml @@ -278,7 +278,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/redis, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/redis, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/run/redis, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/redis, 'setype': svirt_sandbox_file_t } - name: ensure /var/run/redis is present upon reboot diff --git a/deployment/experimental/designate/designate-api-container-puppet.yaml b/deployment/experimental/designate/designate-api-container-puppet.yaml index a140103565..9523fa3eb1 100644 --- a/deployment/experimental/designate/designate-api-container-puppet.yaml +++ b/deployment/experimental/designate/designate-api-container-puppet.yaml @@ -160,7 +160,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - name: designate logs readme copy: diff --git a/deployment/experimental/designate/designate-central-container-puppet.yaml b/deployment/experimental/designate/designate-central-container-puppet.yaml index b59464b76c..bbce0590de 100644 --- a/deployment/experimental/designate/designate-central-container-puppet.yaml +++ b/deployment/experimental/designate/designate-central-container-puppet.yaml @@ -210,7 +210,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - name: designate logs readme copy: diff --git a/deployment/experimental/designate/designate-mdns-container-puppet.yaml b/deployment/experimental/designate/designate-mdns-container-puppet.yaml index ae915c3949..fcb8f95bb5 100644 --- a/deployment/experimental/designate/designate-mdns-container-puppet.yaml +++ b/deployment/experimental/designate/designate-mdns-container-puppet.yaml @@ -177,7 +177,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: designate logs readme copy: dest: /var/log/designate/readme.txt diff --git a/deployment/experimental/designate/designate-producer-container-puppet.yaml b/deployment/experimental/designate/designate-producer-container-puppet.yaml index 1dcdddf49b..52de2c51e0 100644 --- a/deployment/experimental/designate/designate-producer-container-puppet.yaml +++ b/deployment/experimental/designate/designate-producer-container-puppet.yaml @@ -134,7 +134,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: designate logs readme copy: dest: /var/log/designate/readme.txt diff --git a/deployment/experimental/designate/designate-sink-container-puppet.yaml b/deployment/experimental/designate/designate-sink-container-puppet.yaml index 5b2474889d..66bc08986c 100644 --- a/deployment/experimental/designate/designate-sink-container-puppet.yaml +++ b/deployment/experimental/designate/designate-sink-container-puppet.yaml @@ -126,7 +126,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: designate logs readme copy: dest: /var/log/designate/readme.txt diff --git a/deployment/experimental/designate/designate-worker-container-puppet.yaml b/deployment/experimental/designate/designate-worker-container-puppet.yaml index 976d99fe71..56dba945c9 100644 --- a/deployment/experimental/designate/designate-worker-container-puppet.yaml +++ b/deployment/experimental/designate/designate-worker-container-puppet.yaml @@ -227,7 +227,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/designate, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/designate, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: designate logs readme copy: dest: /var/log/designate/readme.txt diff --git a/deployment/glance/glance-api-logging-file-container.yaml b/deployment/glance/glance-api-logging-file-container.yaml index 6ec35db447..02c92071f4 100644 --- a/deployment/glance/glance-api-logging-file-container.yaml +++ b/deployment/glance/glance-api-logging-file-container.yaml @@ -37,7 +37,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/glance, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/glance, 'setype': svirt_sandbox_file_t } - name: glance logs readme copy: diff --git a/deployment/gnocchi/gnocchi-api-container-puppet.yaml b/deployment/gnocchi/gnocchi-api-container-puppet.yaml index e0f93b1a2b..46e80a0336 100644 --- a/deployment/gnocchi/gnocchi-api-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-api-container-puppet.yaml @@ -354,8 +354,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/gnocchi-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': {get_param: GnocchiFileBasePath}, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - name: gnocchi logs readme diff --git a/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml b/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml index 1d97051259..0ea9e1906d 100644 --- a/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-metricd-container-puppet.yaml @@ -159,7 +159,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - name: gnocchi logs readme copy: diff --git a/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml b/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml index d8c217d32a..16642257a6 100644 --- a/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml +++ b/deployment/gnocchi/gnocchi-statsd-container-puppet.yaml @@ -153,7 +153,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/gnocchi, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/gnocchi, 'setype': svirt_sandbox_file_t } - name: gnocchi logs readme copy: diff --git a/deployment/haproxy/haproxy-container-puppet.yaml b/deployment/haproxy/haproxy-container-puppet.yaml index c81ba031b8..a623b32eab 100644 --- a/deployment/haproxy/haproxy-container-puppet.yaml +++ b/deployment/haproxy/haproxy-container-puppet.yaml @@ -372,7 +372,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } - name: haproxy logs readme diff --git a/deployment/haproxy/haproxy-pacemaker-puppet.yaml b/deployment/haproxy/haproxy-pacemaker-puppet.yaml index 9a46eca54a..db833c4699 100644 --- a/deployment/haproxy/haproxy-pacemaker-puppet.yaml +++ b/deployment/haproxy/haproxy-pacemaker-puppet.yaml @@ -300,7 +300,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t, 'mode': '0750' } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } metadata_settings: diff --git a/deployment/horizon/horizon-container-puppet.yaml b/deployment/horizon/horizon-container-puppet.yaml index 705b14d268..c64dfdb339 100644 --- a/deployment/horizon/horizon-container-puppet.yaml +++ b/deployment/horizon/horizon-container-puppet.yaml @@ -319,8 +319,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/horizon, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/www, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/horizon, 'setype': svirt_sandbox_file_t } - name: horizon logs readme diff --git a/deployment/ironic/ironic-api-container-puppet.yaml b/deployment/ironic/ironic-api-container-puppet.yaml index 4adecfdd67..904a00c7e1 100644 --- a/deployment/ironic/ironic-api-container-puppet.yaml +++ b/deployment/ironic/ironic-api-container-puppet.yaml @@ -267,8 +267,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/ironic-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - name: ironic logs readme copy: diff --git a/deployment/ironic/ironic-conductor-container-puppet.yaml b/deployment/ironic/ironic-conductor-container-puppet.yaml index ea4fd10534..bd24962b77 100644 --- a/deployment/ironic/ironic-conductor-container-puppet.yaml +++ b/deployment/ironic/ironic-conductor-container-puppet.yaml @@ -554,7 +554,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - name: ironic logs readme diff --git a/deployment/ironic/ironic-inspector-container-puppet.yaml b/deployment/ironic/ironic-inspector-container-puppet.yaml index 6745a327e1..263f1615f3 100644 --- a/deployment/ironic/ironic-inspector-container-puppet.yaml +++ b/deployment/ironic/ironic-inspector-container-puppet.yaml @@ -479,7 +479,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ironic-inspector, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ironic-inspector, 'setype': svirt_sandbox_file_t } - name: ironic-inspector logs readme copy: diff --git a/deployment/ironic/ironic-pxe-container-puppet.yaml b/deployment/ironic/ironic-pxe-container-puppet.yaml index 0d1ad896e8..5b9f88d82c 100644 --- a/deployment/ironic/ironic-pxe-container-puppet.yaml +++ b/deployment/ironic/ironic-pxe-container-puppet.yaml @@ -154,8 +154,8 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/ironic-pxe, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/ironic, 'setype': svirt_sandbox_file_t } - name: ironic logs readme copy: diff --git a/deployment/keepalived/keepalived-container-puppet.yaml b/deployment/keepalived/keepalived-container-puppet.yaml index 22ce5081c8..8477bda53b 100644 --- a/deployment/keepalived/keepalived-container-puppet.yaml +++ b/deployment/keepalived/keepalived-container-puppet.yaml @@ -149,7 +149,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/keepalived, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/keepalived, 'setype': svirt_sandbox_file_t } - name: keepalived logs readme copy: diff --git a/deployment/logging/files/barbican-api.yaml b/deployment/logging/files/barbican-api.yaml index 55cb3b91ff..581173a1a0 100644 --- a/deployment/logging/files/barbican-api.yaml +++ b/deployment/logging/files/barbican-api.yaml @@ -39,8 +39,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/barbican, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/barbican-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/barbican, 'setype': var_log_t } - name: barbican logs readme copy: diff --git a/deployment/logging/files/heat-api-cfn.yaml b/deployment/logging/files/heat-api-cfn.yaml index 010f751617..55cbd83f90 100644 --- a/deployment/logging/files/heat-api-cfn.yaml +++ b/deployment/logging/files/heat-api-cfn.yaml @@ -25,8 +25,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/heat-api-cfn, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/heat, 'setype': var_log_t } - name: heat logs readme copy: diff --git a/deployment/logging/files/heat-api.yaml b/deployment/logging/files/heat-api.yaml index 463b862fff..eb8743de90 100644 --- a/deployment/logging/files/heat-api.yaml +++ b/deployment/logging/files/heat-api.yaml @@ -25,8 +25,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/heat-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/heat, 'setype': var_log_t } - name: heat logs readme copy: diff --git a/deployment/logging/files/heat-engine.yaml b/deployment/logging/files/heat-engine.yaml index 980ae8cdbd..341730c56f 100644 --- a/deployment/logging/files/heat-engine.yaml +++ b/deployment/logging/files/heat-engine.yaml @@ -40,7 +40,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/heat, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/heat, 'setype': var_log_t } - name: heat logs readme copy: diff --git a/deployment/logging/files/keystone.yaml b/deployment/logging/files/keystone.yaml index 3c43f9a98f..576ab36453 100644 --- a/deployment/logging/files/keystone.yaml +++ b/deployment/logging/files/keystone.yaml @@ -40,8 +40,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/keystone, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/keystone, 'setype': var_log_t } - name: keystone logs readme copy: diff --git a/deployment/logging/files/neutron-api.yaml b/deployment/logging/files/neutron-api.yaml index a2331e26bf..598677f219 100644 --- a/deployment/logging/files/neutron-api.yaml +++ b/deployment/logging/files/neutron-api.yaml @@ -48,8 +48,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/neutron-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/neutron, 'setype': var_log_t } - name: neutron logs readme copy: diff --git a/deployment/logging/files/neutron-common.yaml b/deployment/logging/files/neutron-common.yaml index b38b90299d..ac23705684 100644 --- a/deployment/logging/files/neutron-common.yaml +++ b/deployment/logging/files/neutron-common.yaml @@ -36,8 +36,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/neutron, 'setype': var_log_t } + - { 'path': /var/log/containers/neutron, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/neutron, 'setype': var_log_t, 'mode': '0750' } - name: neutron logs readme copy: dest: /var/log/neutron/readme.txt diff --git a/deployment/logging/files/nova-api.yaml b/deployment/logging/files/nova-api.yaml index a0f1e151c1..895f30ec94 100644 --- a/deployment/logging/files/nova-api.yaml +++ b/deployment/logging/files/nova-api.yaml @@ -48,8 +48,8 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/nova-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/nova, 'setype': var_log_t } - name: nova logs readme copy: diff --git a/deployment/logging/files/nova-common.yaml b/deployment/logging/files/nova-common.yaml index 593521e943..76eebca34d 100644 --- a/deployment/logging/files/nova-common.yaml +++ b/deployment/logging/files/nova-common.yaml @@ -68,7 +68,7 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/nova, 'setype': var_log_t } - name: nova logs readme copy: diff --git a/deployment/logging/files/nova-libvirt.yaml b/deployment/logging/files/nova-libvirt.yaml index 48110a744b..0922fc01d9 100644 --- a/deployment/logging/files/nova-libvirt.yaml +++ b/deployment/logging/files/nova-libvirt.yaml @@ -38,7 +38,7 @@ outputs: setype: "{{ item.setype }}" state: directory with_items: - - { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/libvirt, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - name: libvirt logs readme copy: dest: /var/log/libvirt/readme.txt diff --git a/deployment/logging/files/nova-metadata.yaml b/deployment/logging/files/nova-metadata.yaml index 27577881b6..0b06934072 100644 --- a/deployment/logging/files/nova-metadata.yaml +++ b/deployment/logging/files/nova-metadata.yaml @@ -37,8 +37,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/nova-metadata, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/nova, 'setype': var_log_t } - name: nova logs readme copy: diff --git a/deployment/logging/files/placement-api.yaml b/deployment/logging/files/placement-api.yaml index 557adc885e..8a49d4f247 100644 --- a/deployment/logging/files/placement-api.yaml +++ b/deployment/logging/files/placement-api.yaml @@ -37,8 +37,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/placement, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/placement, 'setype': var_log_t } - name: Placement logs readme copy: diff --git a/deployment/logging/rsyslog-container-puppet.yaml b/deployment/logging/rsyslog-container-puppet.yaml index 8bf5b5df3f..30bcda4d5c 100644 --- a/deployment/logging/rsyslog-container-puppet.yaml +++ b/deployment/logging/rsyslog-container-puppet.yaml @@ -221,6 +221,7 @@ outputs: path: /var/log/containers/rsyslog state: directory setype: svirt_sandbox_file_t + mode: '0750' - name: create persistent state directory for rsyslog file: path: /var/lib/rsyslog.container diff --git a/deployment/manila/manila-api-container-puppet.yaml b/deployment/manila/manila-api-container-puppet.yaml index 297a1a6985..5fe10a82f6 100644 --- a/deployment/manila/manila-api-container-puppet.yaml +++ b/deployment/manila/manila-api-container-puppet.yaml @@ -241,8 +241,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/manila-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - name: manila logs readme copy: diff --git a/deployment/manila/manila-scheduler-container-puppet.yaml b/deployment/manila/manila-scheduler-container-puppet.yaml index 08e4a495b7..c220c94b95 100644 --- a/deployment/manila/manila-scheduler-container-puppet.yaml +++ b/deployment/manila/manila-scheduler-container-puppet.yaml @@ -109,7 +109,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - name: manila logs readme copy: diff --git a/deployment/manila/manila-share-container-puppet.yaml b/deployment/manila/manila-share-container-puppet.yaml index fc3bcf9e96..58155e4bd3 100644 --- a/deployment/manila/manila-share-container-puppet.yaml +++ b/deployment/manila/manila-share-container-puppet.yaml @@ -164,7 +164,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - name: manila logs readme diff --git a/deployment/manila/manila-share-pacemaker-puppet.yaml b/deployment/manila/manila-share-pacemaker-puppet.yaml index 2206cd9840..b4778e9c7c 100644 --- a/deployment/manila/manila-share-pacemaker-puppet.yaml +++ b/deployment/manila/manila-share-pacemaker-puppet.yaml @@ -189,7 +189,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/manila, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/manila, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/manila, 'setype': svirt_sandbox_file_t } - name: manila logs readme diff --git a/deployment/messaging/rpc-qdrouterd-container-puppet.yaml b/deployment/messaging/rpc-qdrouterd-container-puppet.yaml index 4473274e6f..d0c6800455 100644 --- a/deployment/messaging/rpc-qdrouterd-container-puppet.yaml +++ b/deployment/messaging/rpc-qdrouterd-container-puppet.yaml @@ -150,7 +150,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t } metadata_settings: {} post_upgrade_tasks: diff --git a/deployment/metrics/collectd-container-puppet.yaml b/deployment/metrics/collectd-container-puppet.yaml index c883ea0dc4..4325d1f42f 100644 --- a/deployment/metrics/collectd-container-puppet.yaml +++ b/deployment/metrics/collectd-container-puppet.yaml @@ -643,7 +643,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/collectd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/collectd, 'setype': svirt_sandbox_file_t } - name: collectd logs readme copy: diff --git a/deployment/metrics/qdr-container-puppet.yaml b/deployment/metrics/qdr-container-puppet.yaml index 1ecb0b3316..450f99b4ec 100644 --- a/deployment/metrics/qdr-container-puppet.yaml +++ b/deployment/metrics/qdr-container-puppet.yaml @@ -297,7 +297,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/metrics-qdr, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/metrics-qdr, 'setype': svirt_sandbox_file_t } - name: qrouterd logs readme copy: diff --git a/deployment/mistral/mistral-api-container-puppet.yaml b/deployment/mistral/mistral-api-container-puppet.yaml index 2f6496fcdb..17343257c5 100644 --- a/deployment/mistral/mistral-api-container-puppet.yaml +++ b/deployment/mistral/mistral-api-container-puppet.yaml @@ -222,7 +222,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - name: mistral logs readme copy: diff --git a/deployment/mistral/mistral-engine-container-puppet.yaml b/deployment/mistral/mistral-engine-container-puppet.yaml index 897c112c93..18822768fe 100644 --- a/deployment/mistral/mistral-engine-container-puppet.yaml +++ b/deployment/mistral/mistral-engine-container-puppet.yaml @@ -138,7 +138,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - name: mistral logs readme copy: diff --git a/deployment/mistral/mistral-event-engine-container-puppet.yaml b/deployment/mistral/mistral-event-engine-container-puppet.yaml index 2f5479d05f..fb71314f4e 100644 --- a/deployment/mistral/mistral-event-engine-container-puppet.yaml +++ b/deployment/mistral/mistral-event-engine-container-puppet.yaml @@ -113,7 +113,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - name: mistral logs readme copy: diff --git a/deployment/mistral/mistral-executor-container-puppet.yaml b/deployment/mistral/mistral-executor-container-puppet.yaml index 1da2b5935f..b286c5ce47 100644 --- a/deployment/mistral/mistral-executor-container-puppet.yaml +++ b/deployment/mistral/mistral-executor-container-puppet.yaml @@ -219,7 +219,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/mistral, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/mistral, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/mistral, 'setype': svirt_sandbox_file_t } - name: create mistral/.ssh directory diff --git a/deployment/nova/nova-ironic-container-puppet.yaml b/deployment/nova/nova-ironic-container-puppet.yaml index 2c2d25ec34..62592388ee 100644 --- a/deployment/nova/nova-ironic-container-puppet.yaml +++ b/deployment/nova/nova-ironic-container-puppet.yaml @@ -221,7 +221,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/nova, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/nova, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/nova, 'setype': svirt_sandbox_file_t } - name: nova logs readme diff --git a/deployment/nova/novajoin-container-puppet.yaml b/deployment/nova/novajoin-container-puppet.yaml index b2adb114a1..78b44458f5 100644 --- a/deployment/nova/novajoin-container-puppet.yaml +++ b/deployment/nova/novajoin-container-puppet.yaml @@ -241,7 +241,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/novajoin, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/novajoin, 'setype': svirt_sandbox_file_t } - name: novajoin logs readme copy: diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml index 4e61f0d961..c917c12d0a 100644 --- a/deployment/octavia/octavia-api-container-puppet.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -296,8 +296,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/octavia-api, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - name: octavia logs readme copy: diff --git a/deployment/octavia/octavia-health-manager-container-puppet.yaml b/deployment/octavia/octavia-health-manager-container-puppet.yaml index 0a8b233383..7ae35fb37f 100644 --- a/deployment/octavia/octavia-health-manager-container-puppet.yaml +++ b/deployment/octavia/octavia-health-manager-container-puppet.yaml @@ -154,7 +154,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - name: octavia logs readme copy: diff --git a/deployment/octavia/octavia-housekeeping-container-puppet.yaml b/deployment/octavia/octavia-housekeeping-container-puppet.yaml index 3b9453ec26..f14771af87 100644 --- a/deployment/octavia/octavia-housekeeping-container-puppet.yaml +++ b/deployment/octavia/octavia-housekeeping-container-puppet.yaml @@ -153,7 +153,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - name: octavia logs readme copy: diff --git a/deployment/octavia/octavia-worker-container-puppet.yaml b/deployment/octavia/octavia-worker-container-puppet.yaml index 44670fc0ff..52cefbf8e5 100644 --- a/deployment/octavia/octavia-worker-container-puppet.yaml +++ b/deployment/octavia/octavia-worker-container-puppet.yaml @@ -140,7 +140,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/octavia, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/octavia, 'setype': svirt_sandbox_file_t } - name: octavia logs readme copy: diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml index 6e88984057..cb8767fa22 100644 --- a/deployment/ovn/ovn-controller-container-puppet.yaml +++ b/deployment/ovn/ovn-controller-container-puppet.yaml @@ -273,7 +273,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } - name: openvswitch logs readme copy: diff --git a/deployment/ovn/ovn-dbs-container-puppet.yaml b/deployment/ovn/ovn-dbs-container-puppet.yaml index 3aafc7fae7..ed3fe2c1d0 100644 --- a/deployment/ovn/ovn-dbs-container-puppet.yaml +++ b/deployment/ovn/ovn-dbs-container-puppet.yaml @@ -207,7 +207,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } - name: openvswitch logs readme diff --git a/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml b/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml index 4a45f84e4b..1b0c7f316c 100644 --- a/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml +++ b/deployment/ovn/ovn-dbs-pacemaker-puppet.yaml @@ -240,7 +240,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/openvswitch, 'setype': openvswitch_log_t } - name: openvswitch logs readme diff --git a/deployment/qdr/qdrouterd-container-puppet.yaml b/deployment/qdr/qdrouterd-container-puppet.yaml index 8586675d3e..25b572acce 100644 --- a/deployment/qdr/qdrouterd-container-puppet.yaml +++ b/deployment/qdr/qdrouterd-container-puppet.yaml @@ -139,7 +139,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/qdrouterd, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/qdrouterd, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/qdrouterd, 'setype': svirt_sandbox_file_t } - name: qrouterd logs readme diff --git a/deployment/rabbitmq/rabbitmq-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-container-puppet.yaml index 8418412507..630a5c8281 100644 --- a/deployment/rabbitmq/rabbitmq-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-container-puppet.yaml @@ -348,7 +348,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml index 8bb9427b2a..afa8e49b15 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml @@ -293,7 +293,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme diff --git a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml index b29d12c06c..7528ddb6be 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-notify-pacemaker-puppet.yaml @@ -233,7 +233,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme copy: diff --git a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml index 2bab53dd02..6d8765a975 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml @@ -233,7 +233,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme copy: diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml index 2fa9e7a240..3d996f3be9 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml @@ -293,7 +293,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme diff --git a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml index 65325cdb5f..84122785d5 100644 --- a/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml +++ b/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml @@ -241,7 +241,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/lib/rabbitmq, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/rabbitmq, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/rabbitmq, 'setype': svirt_sandbox_file_t } - name: rabbitmq logs readme copy: diff --git a/deployment/sahara/sahara-api-container-puppet.yaml b/deployment/sahara/sahara-api-container-puppet.yaml index 319a3205d0..5fb35df142 100644 --- a/deployment/sahara/sahara-api-container-puppet.yaml +++ b/deployment/sahara/sahara-api-container-puppet.yaml @@ -198,7 +198,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t } - name: sahara logs readme diff --git a/deployment/sahara/sahara-engine-container-puppet.yaml b/deployment/sahara/sahara-engine-container-puppet.yaml index fd67b51df2..7defddf414 100644 --- a/deployment/sahara/sahara-engine-container-puppet.yaml +++ b/deployment/sahara/sahara-engine-container-puppet.yaml @@ -127,7 +127,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/sahara, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/lib/sahara, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/sahara, 'setype': svirt_sandbox_file_t } - name: sahara logs readme diff --git a/deployment/swift/swift-proxy-container-puppet.yaml b/deployment/swift/swift-proxy-container-puppet.yaml index caba156504..35396c4ff2 100644 --- a/deployment/swift/swift-proxy-container-puppet.yaml +++ b/deployment/swift/swift-proxy-container-puppet.yaml @@ -437,7 +437,7 @@ outputs: with_items: - { 'path': /srv/node, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/swift, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' } deploy_steps_tasks: - name: Configure rsyslog for swift-proxy when: step|int == 1 diff --git a/deployment/swift/swift-storage-container-puppet.yaml b/deployment/swift/swift-storage-container-puppet.yaml index 7ac6eaa228..f856e7584b 100644 --- a/deployment/swift/swift-storage-container-puppet.yaml +++ b/deployment/swift/swift-storage-container-puppet.yaml @@ -588,9 +588,8 @@ outputs: with_items: - { 'path': /srv/node, 'setype': svirt_sandbox_file_t } - { 'path': /var/cache/swift, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/swift, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/swift, 'setype': var_log_t } - - { 'path': /var/log/containers, 'setype': svirt_sandbox_file_t } - name: Set swift_use_local_disks fact set_fact: swift_use_local_disks: {get_param: SwiftUseLocalDir} diff --git a/deployment/undercloud/tempest-container-puppet.yaml b/deployment/undercloud/tempest-container-puppet.yaml index 6b57c1d1a2..64c9f22c5f 100644 --- a/deployment/undercloud/tempest-container-puppet.yaml +++ b/deployment/undercloud/tempest-container-puppet.yaml @@ -59,7 +59,7 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/tempest, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/tempest, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/tempestdata, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/tempest, 'setype': svirt_sandbox_file_t } diff --git a/deployment/zaqar/zaqar-container-puppet.yaml b/deployment/zaqar/zaqar-container-puppet.yaml index 64b65fea7c..8afee593e9 100644 --- a/deployment/zaqar/zaqar-container-puppet.yaml +++ b/deployment/zaqar/zaqar-container-puppet.yaml @@ -370,8 +370,8 @@ outputs: state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t } - - { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/log/containers/httpd/zaqar, 'setype': svirt_sandbox_file_t, 'mode': '0750' } - { 'path': /var/log/zaqar, 'setype': svirt_sandbox_file_t } - name: zaqar logs readme copy: