tests: Set lxc-openstack apparmor profile when overlayfs is used
The overlayfs backing store doesn't play well with the unconfined profile and many tools (eg ping, traceroute) are failing to work with the following error: ping: error while loading shared libraries: libcap.so.2: cannot stat shared object: Permission denied As such, lets switch to the lxc-openstack profile is overlayfs is used as the backing store. Change-Id: Ibe1149ee4fedd2b3d487887e504c500c96165467 Related-Bug: #1612412
This commit is contained in:
parent
68f81c679b
commit
887ebaa3ce
|
@ -3,7 +3,8 @@ ansible_host: 10.100.100.3
|
|||
ansible_become: True
|
||||
ansible_user: root
|
||||
lxc_container_config_list:
|
||||
- "lxc.aa_profile=unconfined"
|
||||
# The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412
|
||||
- "lxc.aa_profile={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}"
|
||||
|
||||
# TEST FOR FIXED MAC ADDRESS
|
||||
lxc_container_fixed_mac: true
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
- skip_ansible_lint
|
||||
|
||||
- name: Check for the presence of the right aa_profile for container2
|
||||
command: grep "^lxc.aa_profile = unconfined$" /var/lib/lxc/container2/config
|
||||
command: "grep -E '^lxc.aa_profile = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config"
|
||||
register: container2_profile
|
||||
failed_when: container2_profile.rc != 0
|
||||
tags:
|
||||
|
|
Loading…
Reference in New Issue