From 887ebaa3ce4538f495729defee65bfde3f1bba05 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Thu, 18 Jan 2018 12:28:29 +0000 Subject: [PATCH] tests: Set lxc-openstack apparmor profile when overlayfs is used The overlayfs backing store doesn't play well with the unconfined profile and many tools (eg ping, traceroute) are failing to work with the following error: ping: error while loading shared libraries: libcap.so.2: cannot stat shared object: Permission denied As such, lets switch to the lxc-openstack profile is overlayfs is used as the backing store. Change-Id: Ibe1149ee4fedd2b3d487887e504c500c96165467 Related-Bug: #1612412 --- tests/host_vars/container2.yml | 3 ++- tests/test-containers-functional.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/host_vars/container2.yml b/tests/host_vars/container2.yml index 716fbe2..b57f3b5 100644 --- a/tests/host_vars/container2.yml +++ b/tests/host_vars/container2.yml @@ -3,7 +3,8 @@ ansible_host: 10.100.100.3 ansible_become: True ansible_user: root lxc_container_config_list: - - "lxc.aa_profile=unconfined" + # The unconfined profile is causing problems with overlayfs. See https://bugs.launchpad.net/openstack-ansible/+bug/1612412 + - "lxc.aa_profile={{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}" # TEST FOR FIXED MAC ADDRESS lxc_container_fixed_mac: true diff --git a/tests/test-containers-functional.yml b/tests/test-containers-functional.yml index 854fef2..8338c2b 100644 --- a/tests/test-containers-functional.yml +++ b/tests/test-containers-functional.yml @@ -44,7 +44,7 @@ - skip_ansible_lint - name: Check for the presence of the right aa_profile for container2 - command: grep "^lxc.aa_profile = unconfined$" /var/lib/lxc/container2/config + command: "grep -E '^lxc.aa_profile = {{ (lxc_container_backing_store == 'overlayfs') | ternary('lxc-openstack', 'unconfined') }}$' /var/lib/lxc/container2/config" register: container2_profile failed_when: container2_profile.rc != 0 tags: