tripleo

  1. Bug #1682179
  2. Comment #11

Comment 11 for bug 1682179

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/513669
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1fc928512590b119318e7089e5f3d45f8839b385
Submitter: Zuul
Branch: master

commit 1fc928512590b119318e7089e5f3d45f8839b385
Author: Bogdan Dobrelya <email address hidden>
Date: Fri Oct 20 11:00:18 2017 +0200

    Allow containerized undercloud deploy with SELinux

    When SELinux is enforcing, use the docker volume mount flag
    :z for the docker-puppet tool's bind-mounted volumes in RW mode.
    Note, if a volume mount with a Z, then the label will be specific
    to the container, and not be able to be shared between containers.

    Volumes from /etc/pki mounted RO do not require the context changes.
    For those RO volumes that do require it, use :ro,z.

    For deploy-steps, make sure ansible file resources in /var/lib/
    are enforced the same SELinux context attributes what docker's :z
    provides.

    Partial-bug: #1682179
    Related-bug: #1723003

    Change-Id: Idc0caa49573bd88e8410d3d4217fd39e9aabf8f2
    Signed-off-by: Bogdan Dobrelya <email address hidden>