Do not load iscsi_tcp from within a container.

The module must be loaded from the host directly in order
to avoid any SELinux issues.

There are examples in kolla-ansible and tripleo-heat-templates:
- https://review.openstack.org/#/c/605624/
- https://review.openstack.org/#/c/605450/

Change-Id: Ica68a109c3ed577e6a339ef315b576061cd557e5
Related-Bug: 1794550
This commit is contained in:
Cédric Jeanneret 2018-09-26 17:06:50 +02:00
parent 188c46cc4a
commit b4a7bcae62
3 changed files with 0 additions and 9 deletions

View File

@ -103,11 +103,6 @@ RUN {{ macros.install_pip(ironic_conductor_pip_packages | customizable("pip_pack
{{ macros.install_packages(ironic_conductor_packages | customizable("packages")) }}
COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
COPY iscsi_tcp_sudoers /etc/sudoers.d/kolla_iscsi_tcp_sudoers
RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start \
&& chmod 440 /etc/sudoers.d/kolla_iscsi_tcp_sudoers
{% block ironic_conductor_footer %}{% endblock %}
{% block footer %}{% endblock %}

View File

@ -1,3 +0,0 @@
#!/bin/bash
sudo modprobe iscsi_tcp

View File

@ -1 +0,0 @@
ironic ALL=(root) NOPASSWD: /usr/sbin/modprobe iscsi_tcp, /sbin/modprobe iscsi_tcp