tripleo-heat-templates/deployment/undercloud/tempest-container-puppet.yaml
Cédric Jeanneret 0875895553 Replace svirt_sandbox_file_t by container_file_t
While they are, at SELinux level, exactly the same (one is an alias to
the other), the "container_file_t" name is easier to understand (and
shorter to write).

A second pass in a couple of days or weeks will be needed in order to
change files that were merged after this first pass.

Change-Id: Ib4b3e65dbaeb5894403301251866b9817240a9d5
2020-02-07 13:33:20 +01:00

70 lines
2.2 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Tempest
parameters:
ContainerTempestImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
outputs:
role_data:
description: Role data for the tempest service
value:
# It just adds a fake tempest service so that it will be
# available on undercloud.
service_name: tempest
docker_config:
step_2:
tempest_init_logs:
image: &tempest_image {get_param: ContainerTempestImage}
net: none
privileged: false
user: root
volumes:
- /var/log/containers/tempest:/var/log/tempest:z
- /var/lib/tempestdata:/var/lib/tempest:z
command: ['/bin/bash', '-c', 'chown -R tempest:tempest /var/log/tempest /var/lib/tempest']
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/tempest, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/tempestdata, 'setype': container_file_t }
- { 'path': /var/lib/tempest, 'setype': container_file_t }
puppet_config:
config_volume: ''
step_config: ''
config_image: {get_param: ContainerTempestImage}
config_settings: {}