Merge "Ensure SELinux context persist across restorecon and reboot"
commit
f8676c05f1
|
@ -1,3 +1,11 @@
|
||||||
|
- name: Create fcontext entry for container-config-scripts
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/container-config-scripts(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- container_config_scripts
|
||||||
|
|
||||||
- name: Create /var/lib/container-config-scripts
|
- name: Create /var/lib/container-config-scripts
|
||||||
become: true
|
become: true
|
||||||
file:
|
file:
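Review bot: The new `sefcontext` task carries no `become: true`, while the `file` task right after it in the same hunk sets it explicitly. Writing a file-context rule goes through the SELinux policy store and needs root, so unless the play already escalates, this task would fail and the rule would not be recorded. Adding `become: true` under the task name would make it consistent with its neighbour. The `file` task's body continues outside the hunk.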
|
||||||
|
|
|
@ -107,6 +107,11 @@ outputs:
|
||||||
cinder_common_host_prep_tasks:
|
cinder_common_host_prep_tasks:
|
||||||
description: Common host prep tasks for cinder-volume and cinder-backup services
|
description: Common host prep tasks for cinder-volume and cinder-backup services
|
||||||
value: &cinder_common_host_prep_tasks
|
value: &cinder_common_host_prep_tasks
|
||||||
|
- name: create fcontext entry for cinder data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/cinder(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
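Review bot: `sefcontext` with `state: present` only records the rule in the local policy; nothing visible in this hunk relabels content that already exists under `/var/lib/cinder`. On a host carried over from an earlier deployment, files would keep their old type until something runs restorecon, so the first container start could still hit AVC denials. If the following `file` task does not already set the type recursively (its body is outside the hunk), consider a relabel step after the rule is added, or a comment saying where the relabel happens. The same applies to the mysql, redis, ironic, ironic-inspector, iscsi, manila, qdrouterd and rabbitmq hunks.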
|
||||||
|
|
|
@ -261,6 +261,11 @@ outputs:
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
get_attr: [MysqlBase, role_data, deploy_steps_tasks]
|
get_attr: [MysqlBase, role_data, deploy_steps_tasks]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for mysql data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/mysql(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -240,6 +240,11 @@ outputs:
|
||||||
- {get_param: RedisCertificateKeySize}
|
- {get_param: RedisCertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for redis data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/run/redis(/.*)?" # conflicts with equivalency rule '/run /var/run' - have to use /var/run here...
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
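Review bot: The trailing comment on the `target:` line makes it very long and is easy to lose in a later edit; it would read better on its own line above the task, e.g. `# '/run' is an equivalency alias of '/var/run', so the rule has to be written against /var/run`. Separately, `/var/run` is usually tmpfs-backed, so the directory itself is recreated on every boot. The rule persists, but whatever recreates the directory has to pick up the default context, which is worth confirming since that code is not in this hunk.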
|
||||||
|
|
|
@ -586,6 +586,11 @@ outputs:
|
||||||
vars:
|
vars:
|
||||||
modules:
|
modules:
|
||||||
- name: iscsi_tcp
|
- name: iscsi_tcp
|
||||||
|
- name: create fcontext entry for ironic data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/ironic(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -519,6 +519,11 @@ outputs:
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for ironic-inspector data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/ironic-inspector/dhcp-hostsdir(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -144,6 +144,15 @@ outputs:
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for iscsi
|
||||||
|
sefcontext:
|
||||||
|
target: "{{ item.path }}(/.*)?"
|
||||||
|
setype: "{{ item.setype }}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- { 'path': /etc/iscsi, 'setype': container_file_t }
|
||||||
|
- { 'path': /etc/target, 'setype': container_file_t }
|
||||||
|
- { 'path': /var/lib/iscsi, 'setype': container_file_t }
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
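Review bot: Labelling `/etc/iscsi` and `/etc/target` as `container_file_t` puts host configuration under a type that container domains are generally allowed to write, and `/etc/iscsi` can hold initiator authentication settings. If a host-side iSCSI daemon or target service still reads these paths, the relabel may also change what it can access. A comment explaining why these host paths need the container type, and which containers mount them, would help the next reviewer judge the exposure. As a smaller point, all three items carry the same `setype`, so the per-item field could become a literal `setype: container_file_t` with a plain list of paths.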
|
||||||
|
|
|
@ -178,6 +178,11 @@ outputs:
|
||||||
volumes: {get_attr: [ManilaShareCommon, manila_share_volumes]}
|
volumes: {get_attr: [ManilaShareCommon, manila_share_volumes]}
|
||||||
environment: {get_attr: [ManilaShareCommon, manila_share_environment]}
|
environment: {get_attr: [ManilaShareCommon, manila_share_environment]}
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for manila data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/manila(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -140,6 +140,11 @@ outputs:
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for qdrouterd data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/qdrouterd(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent logs directory
|
- name: create persistent logs directory
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -130,6 +130,11 @@ outputs:
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext entry for qrouterd data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/qdrouterd(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
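Review bot: The task name reads `qrouterd` where the target path and the previous hunk's task use `qdrouterd`; `- name: create fcontext entry for qdrouterd data` would keep searches by task name in deployment logs working. The rule itself repeats the one in the previous hunk with the same target, which is harmless because the module is idempotent. It does mean a later change of type has to be made in both templates.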
|
||||||
|
|
|
@ -387,6 +387,11 @@ outputs:
|
||||||
- {get_param: RabbitmqCertificateKeySize}
|
- {get_param: RabbitmqCertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: creat fcontext entry for rabbitmq data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/rabbitmq(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
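Review bot: The task name has a typo, `creat`; it should read `- name: create fcontext entry for rabbitmq data`. The four later rabbitmq hunks declare the same rule under a different name (`create fcontext for rabbitmq data`), so settling on one wording across all five templates would make the task easier to find in deployment logs and in audits of which hosts received the rule.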
|
||||||
|
|
|
@ -322,6 +322,11 @@ outputs:
|
||||||
- {get_param: RabbitmqMessageCertificateKeySize}
|
- {get_param: RabbitmqMessageCertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext for rabbitmq data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/rabbitmq(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -221,6 +221,11 @@ outputs:
|
||||||
# update (scale-out, etc.)
|
# update (scale-out, etc.)
|
||||||
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext for rabbitmq data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/rabbitmq(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -322,6 +322,11 @@ outputs:
|
||||||
- {get_param: RpcCertificateKeySize}
|
- {get_param: RpcCertificateKeySize}
|
||||||
ca: ipa
|
ca: ipa
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext for rabbitmq data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/rabbitmq(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -223,6 +223,11 @@ outputs:
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
get_attr: [RabbitmqBase, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
- name: create fcontext for rabbitmq data
|
||||||
|
sefcontext:
|
||||||
|
target: "/var/lib/rabbitmq(/.*)?"
|
||||||
|
setype: container_file_t
|
||||||
|
state: present
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|
|
@ -602,6 +602,10 @@ outputs:
|
||||||
- {}
|
- {}
|
||||||
|
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
|
# NOTE: we can't set fcontext for swift locations since they are
|
||||||
|
# already set in openstack-selinux package. In order to work around
|
||||||
|
# this specific case, the following change is being pushed:
|
||||||
|
# https://github.com/redhat-openstack/openstack-selinux/pull/73
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
|
|