Comment 8 for bug 1812274

OK - so at least directories are OK. We can spot the following issues:
- certificates don't have the right type (ca_01.pem, client.pem and cakey.pem)
- the files located in conf.d don't inherits their parent type for some reason (post-deploy.conf, manager-post-deploy.conf and worker-post-deploy.conf).

According to this[1][2], config files are created by ansible ini_file. I'd push the setype in the different calls to that one, and check what's going on.

Next step will be the certificate - octavia won't be allowed to access them as well, for the same reason. Care to check how they are created, and maybe add the requested things?

Cheers,

C.

[1] https://github.com/openstack/tripleo-common/blob/master/playbooks/roles/octavia-controller-post-config/tasks/main.yml#L30-L38
[2] https://github.com/openstack/tripleo-common/blob/master/playbooks/roles/octavia-controller-config/tasks/octavia.yml#L5-L12
(note: there are probably other calls)