tripleo-heat-templates/deployment/octavia
Cédric Jeanneret ae5fa916f7 Enable CAP_AUDIT_WRITE for some containers/steps
Usually, db_sync involves call to "sudo". Such call are now logging a
warning/error in the host log due to a recently removed capability in
podman, the CAP_AUDIT_WRITE. This capability allows containers to write
in the audit log whenever there's a security related thing.

Sudo isn't the only one needing this access - sshd also writes in the
audit. Since the nova-migration-target runs sshd, enabling the
capability in there will ensure we're keeping clean track of the
accesses.

Change-Id: I8972b16254b141e7102ea87cb6c0d489d8426751
Closes-Bug: #1991219
2022-10-03 13:31:59 +02:00
..
providers Fix typos in comments and parameter descriptions 2022-08-03 17:07:11 +05:30
octavia-api-container-puppet.yaml Enable CAP_AUDIT_WRITE for some containers/steps 2022-10-03 13:31:59 +02:00
octavia-base.yaml Revert "Disable [oslo_messaging_rabbit] heartbeat_in_pthread" 2022-08-30 18:58:32 +09:00
octavia-deployment-config.j2.yaml Fix typos in comments and parameter descriptions 2022-08-03 17:07:11 +05:30
octavia-health-manager-container-puppet.yaml Filter excluded nodes from ansible delegates 2022-09-20 12:54:22 +09:00
octavia-housekeeping-container-puppet.yaml Filter excluded nodes from ansible delegates 2022-09-20 12:54:22 +09:00
octavia-worker-container-puppet.yaml Filter excluded nodes from ansible delegates 2022-09-20 12:54:22 +09:00