80f0176f6a
We have seen this container fail in selinux enforcing mode (rhbz#1698555): A) Enforcing on podman run -it --rm -user=root --net=host -e KOLLA_INSTALL_METATYPE=rhos -e KOLLA_INSTALL_TYPE=binary \ -e KOLLA_BASE_DISTRO=rhel -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e KOLLA_DISTRO_PYTHON_VERSION=3.6 \ -v /home/stack/undercloud.conf:/var/lib/undercloud.conf \ -v /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json \ -v /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src 68c1f09c2bfa sh ()[root@undercloud-0 /]$ kolla_set_configs INFO:__main__:Loading config file at /var/lib/kolla/config_files/config.json ....snip.... INFO:__main__:Copying /var/lib/kolla/config_files/src/var/www/cgi-bin/mistral/app to /var/www/cgi-bin/mistral/app ERROR:__main__:MissingRequiredSource: /var/lib/undercloud.conf file is not found The error is a bit misleading because the file is actually there: ()[root@undercloud-0 /]$ ls -1 /var/lib/ |grep -i undercloud.conf undercloud.conf The problem is that we cannot access it because selinux is denying us: ()[root@undercloud-0 /]$ ls -lZ /var/lib/undercloud.conf ls: cannot access '/var/lib/undercloud.conf': Permission denied [root@undercloud-0 ~]# ls -ldZ /home/stack/ ; ls -lZ /home/stack/undercloud.conf drwx------. 9 stack stack unconfined_u:object_r:user_home_dir_t:s0 4096 Apr 10 11:06 /home/stack/ -rwxr-xr-x. 1 stack stack unconfined_u:object_r:user_home_t:s0 891 Apr 10 10:23 /home/stack/undercloud.conf Adding ',z' to the undercloud.conf bind mount fixed it for us. What is still left unclear is why we did not get specific 'denied' messages for this access problem. Co-Authored-By: Julie Pichon <jpichon@redhat.com> Change-Id: If061d496a26c84e5027916c0d8f9153b129b451a |
||
|---|---|---|
| .. | ||
| mistral-api-container-puppet.yaml | ||
| mistral-base.yaml | ||
| mistral-engine-container-puppet.yaml | ||
| mistral-event-engine-container-puppet.yaml | ||
| mistral-executor-container-puppet.yaml | ||