Ensure some directories are created with the correct SELinux label

As Podman doesn't create host location for bind-mount, we have to ensure directories actually exists. SELinux labels are also important, since Podman has selinux enabled by default, and there is currently no way to disable it like in Docker. Change-Id: Ic1bede203e8199a296944273cb334027dab940fe
2018-09-05 13:59:21 +02:00 · 2018-09-05 13:59:21 +02:00 · 7719263c27
parent 46ed8d8483
commit 7719263c27
1 changed files with 11 additions and 0 deletions
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@ -42,6 +42,7 @@
          file:
            path: /var/lib/docker-config-scripts
            state: directory
+            setype: svirt_sandbox_file_t


        # The container config files
@ -58,6 +59,7 @@
            dest: "/var/lib/docker-config-scripts/{{ item.key }}"
            force: yes
            mode: "{{ item.value.mode | default('0600', true) }}"
+            setype: svirt_sandbox_file_t
          with_dict: "{{ role_data_docker_config_scripts }}"
          vars:
            role_data_docker_config_scripts: "{{ lookup('file', tripleo_role_name + '/docker_config_scripts.yaml', errors='ignore') | default({}, True) | from_yaml }}"
@ -104,12 +106,21 @@
            selevel: s0
            recurse: true

+        - name: Create /var/lib/config-data directory
+          file:
+            path: /var/lib/config-data
+            state: directory
+            setype: svirt_sandbox_file_t
+            selevel: s0
+            recurse: true
+
        - name: Write kolla config json files
          copy:
            content: "{{ item.value | to_json }}"
            dest: "{{ item.key }}"
            force: yes
            mode: '0600'
+            setype: svirt_sandbox_file_t
          with_dict: "{{ lookup('file', tripleo_role_name + '/kolla_config.yaml', errors='ignore') | default([], True) | from_yaml }}"

        ########################################################