
Merge "Ensure SELinux context persist across restorecon and reboot"

changes/88/782288/2
Zuul 2 weeks ago
committed by Gerrit Code Review
parent
commit
f8676c05f1
16 changed files with 86 additions and 0 deletions
  1. +8
    -0
      common/common-container-config-scripts.yaml
  2. +5
    -0
      deployment/cinder/cinder-common-container-puppet.yaml
  3. +5
    -0
      deployment/database/mysql-container-puppet.yaml
  4. +5
    -0
      deployment/database/redis-container-puppet.yaml
  5. +5
    -0
      deployment/ironic/ironic-conductor-container-puppet.yaml
  6. +5
    -0
      deployment/ironic/ironic-inspector-container-puppet.yaml
  7. +9
    -0
      deployment/iscsid/iscsid-container-puppet.yaml
  8. +5
    -0
      deployment/manila/manila-share-container-puppet.yaml
  9. +5
    -0
      deployment/messaging/rpc-qdrouterd-container-puppet.yaml
  10. +5
    -0
      deployment/qdr/qdrouterd-container-puppet.yaml
  11. +5
    -0
      deployment/rabbitmq/rabbitmq-container-puppet.yaml
  12. +5
    -0
      deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml
  13. +5
    -0
      deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml
  14. +5
    -0
      deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
  15. +5
    -0
      deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
  16. +4
    -0
      deployment/swift/swift-storage-container-puppet.yaml

+ 8
- 0
common/common-container-config-scripts.yaml View File

@ -1,3 +1,11 @@
- name: Create fcontext entry for container-config-scripts
sefcontext:
target: "/var/lib/container-config-scripts(/.*)?"
setype: container_file_t
state: present
tags:
- container_config_scripts
- name: Create /var/lib/container-config-scripts
become: true
file:
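Review bot: The new `sefcontext` task at the top of this file has no `become: true`, while the `Create /var/lib/container-config-scripts` task directly after it sets it explicitly. Registering a local file-context rule needs root, so unless the including play already escalates (not visible from this hunk) the task would fail. I would add `become: true` under the task name to match its neighbour. The `file:` task's body continues outside the hunk.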


+ 5
- 0
deployment/cinder/cinder-common-container-puppet.yaml View File

@ -107,6 +107,11 @@ outputs:
cinder_common_host_prep_tasks:
description: Common host prep tasks for cinder-volume and cinder-backup services
value: &cinder_common_host_prep_tasks
- name: create fcontext entry for cinder data
sefcontext:
target: "/var/lib/cinder(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"
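Review bot: Nothing visible in this hunk relabels content that already exists under `/var/lib/cinder`; the added `sefcontext` task only records the rule, and that module leaves existing files untouched. On a host that is being updated rather than freshly deployed, files keep their current label until something runs `restorecon`, so a short comment should say whether that is intended, e.g. `# registers the rule only; existing content is relabelled by <step to confirm>`. The same question applies to the matching tasks added in the mysql, redis, ironic, iscsid, manila, qdrouterd and rabbitmq templates. The task list continues outside the hunk, so a later relabel step may exist that I cannot see.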


+ 5
- 0
deployment/database/mysql-container-puppet.yaml View File

@ -261,6 +261,11 @@ outputs:
deploy_steps_tasks:
get_attr: [MysqlBase, role_data, deploy_steps_tasks]
host_prep_tasks:
- name: create fcontext entry for mysql data
sefcontext:
target: "/var/lib/mysql(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/database/redis-container-puppet.yaml View File

@ -240,6 +240,11 @@ outputs:
- {get_param: RedisCertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create fcontext entry for redis data
sefcontext:
target: "/var/run/redis(/.*)?" # conflicts with equivalency rule '/run /var/run' - have to use /var/run here...
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"
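Review bot: The reason for using `/var/run/redis` sits in a trailing comment on the `target:` line, where it is easy to miss and makes the line very long. I would move it onto its own line above the task, e.g. `# /run/redis conflicts with the '/run /var/run' equivalency rule, so the rule targets /var/run`. It is also worth confirming that no packaged policy already defines a context for this path, which is the situation the swift template in this same commit reports for its own directories.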


+ 5
- 0
deployment/ironic/ironic-conductor-container-puppet.yaml View File

@ -586,6 +586,11 @@ outputs:
vars:
modules:
- name: iscsi_tcp
- name: create fcontext entry for ironic data
sefcontext:
target: "/var/lib/ironic(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/ironic/ironic-inspector-container-puppet.yaml View File

@ -519,6 +519,11 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create fcontext entry for ironic-inspector data
sefcontext:
target: "/var/lib/ironic-inspector/dhcp-hostsdir(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"
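Review bot: The task is named for "ironic-inspector data", but the rule covers only `/var/lib/ironic-inspector/dhcp-hostsdir`, whereas the other services in this commit register their whole data directory. If other paths under `/var/lib/ironic-inspector` are mounted into the container (the directory list is outside this hunk), they would still lose their label on a `restorecon`. Either widen the target or explain the narrower scope in a comment and rename the task, e.g. `- name: create fcontext entry for ironic-inspector dhcp-hostsdir`.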


+ 9
- 0
deployment/iscsid/iscsid-container-puppet.yaml View File

@ -144,6 +144,15 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create fcontext entry for iscsi
sefcontext:
target: "{{ item.path }}(/.*)?"
setype: "{{ item.setype }}"
state: present
with_items:
- { 'path': /etc/iscsi, 'setype': container_file_t }
- { 'path': /etc/target, 'setype': container_file_t }
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
- name: create persistent directories
file:
path: "{{ item.path }}"
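Review bot: This rule makes `container_file_t` the persistent label for `/etc/iscsi` and `/etc/target`, directories that usually hold initiator and target configuration and can include CHAP credentials. With that type and no level given in the rule, SELinux presumably no longer separates these files from other confined containers, which would leave ownership and mode as the remaining barrier. A comment naming the containers that need this access, plus a check of the modes set by the `create persistent directories` task that follows, would make the intent reviewable. Separately, every item carries the same `setype`, so the per-item field is redundant: `setype: container_file_t` with plain paths under `with_items` says the same thing.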


+ 5
- 0
deployment/manila/manila-share-container-puppet.yaml View File

@ -178,6 +178,11 @@ outputs:
volumes: {get_attr: [ManilaShareCommon, manila_share_volumes]}
environment: {get_attr: [ManilaShareCommon, manila_share_environment]}
host_prep_tasks:
- name: create fcontext entry for manila data
sefcontext:
target: "/var/lib/manila(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/messaging/rpc-qdrouterd-container-puppet.yaml View File

@ -140,6 +140,11 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create fcontext entry for qdrouterd data
sefcontext:
target: "/var/lib/qdrouterd(/.*)?"
setype: container_file_t
state: present
- name: create persistent logs directory
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/qdr/qdrouterd-container-puppet.yaml View File

@ -130,6 +130,11 @@ outputs:
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create fcontext entry for qrouterd data
sefcontext:
target: "/var/lib/qdrouterd(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"
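Review bot: The task name misspells the service as `qrouterd`; it should read `- name: create fcontext entry for qdrouterd data`, the name used for the identical task in deployment/messaging/rpc-qdrouterd-container-puppet.yaml. Operators search deployment logs by task name, so one consistent spelling matters when tracing a labelling problem. Both templates register the same `/var/lib/qdrouterd(/.*)?` rule, which is harmless but means two copies to keep in step.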


+ 5
- 0
deployment/rabbitmq/rabbitmq-container-puppet.yaml View File

@ -387,6 +387,11 @@ outputs:
- {get_param: RabbitmqCertificateKeySize}
ca: ipa
host_prep_tasks:
- name: creat fcontext entry for rabbitmq data
sefcontext:
target: "/var/lib/rabbitmq(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"
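Review bot: The task name here has a typo, `creat`, and the four other rabbitmq templates in this commit name the same task `create fcontext for rabbitmq data`, without `entry`. I would use one spelling in all five, e.g. `- name: create fcontext entry for rabbitmq data`, so the step can be found with a single search across deployment logs. The five tasks are otherwise identical; if these templates can share a task list the way the cinder common template exposes `cinder_common_host_prep_tasks`, that would keep the copies from drifting.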


+ 5
- 0
deployment/rabbitmq/rabbitmq-messaging-notify-container-puppet.yaml View File

@ -322,6 +322,11 @@ outputs:
- {get_param: RabbitmqMessageCertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create fcontext for rabbitmq data
sefcontext:
target: "/var/lib/rabbitmq(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/rabbitmq/rabbitmq-messaging-pacemaker-puppet.yaml View File

@ -221,6 +221,11 @@ outputs:
# update (scale-out, etc.)
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
host_prep_tasks:
- name: create fcontext for rabbitmq data
sefcontext:
target: "/var/lib/rabbitmq(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml View File

@ -322,6 +322,11 @@ outputs:
- {get_param: RpcCertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create fcontext for rabbitmq data
sefcontext:
target: "/var/lib/rabbitmq(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 5
- 0
deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml View File

@ -223,6 +223,11 @@ outputs:
metadata_settings:
get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:
- name: create fcontext for rabbitmq data
sefcontext:
target: "/var/lib/rabbitmq(/.*)?"
setype: container_file_t
state: present
- name: create persistent directories
file:
path: "{{ item.path }}"


+ 4
- 0
deployment/swift/swift-storage-container-puppet.yaml View File

@ -602,6 +602,10 @@ outputs:
- {}
host_prep_tasks:
# NOTE: we can't set fcontext for swift locations since they are
# already set in openstack-selinux package. In order to work around
# this specific case, the following change is being pushed:
# https://github.com/redhat-openstack/openstack-selinux/pull/73
- name: create persistent directories
file:
path: "{{ item.path }}"
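Review bot: The comment explains why no rule is added, but going by its own wording it leaves swift as the one service in this commit whose labels are still governed by the packaged policy until the linked openstack-selinux change ships. It would help to name the affected paths and state when the note can go, e.g. `# TODO: remove once openstack-selinux carries the swift fcontext from the pull request above`. The task list continues outside the hunk.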

