Merge "Configure SELinux state in kolla ansible"
This commit is contained in:
commit
7b2519bbfa
|
@ -223,3 +223,10 @@
|
|||
- role: kolla-ansible
|
||||
kolla_external_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy.pem"
|
||||
kolla_ansible_passwords_path: "{{ kayobe_config_path }}/kolla/passwords.yml"
|
||||
# NOTE: This differs from the default SELinux mode in kolla ansible,
|
||||
# which is permissive. The justification for using this mode is twofold:
|
||||
# 1. it avoids filling up the audit log
|
||||
# 2. it avoids an issue seen when using diskimage-builder in the bifrost
|
||||
# container.
|
||||
# We could look at making the SELinux mode configurable in future.
|
||||
kolla_selinux_state: disabled
|
||||
|
|
|
@ -255,3 +255,9 @@ kolla_ansible_custom_passwords: {}
|
|||
# When set, this will copy the contents of this variable into place for
|
||||
# use by HAProxy.
|
||||
kolla_tls_cert:
|
||||
|
||||
###############################################################################
|
||||
# SELinux
|
||||
|
||||
# Desired SELinux state.
|
||||
kolla_selinux_state:
|
||||
|
|
|
@ -398,6 +398,10 @@ bifrost_install_type: source
|
|||
grafana_admin_username: "{{ grafana_local_admin_user_name }}"
|
||||
{% endif %}
|
||||
|
||||
{% if kolla_selinux_state is not none %}
|
||||
selinux_state: {{ kolla_selinux_state }}
|
||||
{% endif %}
|
||||
|
||||
{% if kolla_extra_globals %}
|
||||
#######################
|
||||
# Extra configuration
|
||||
|
|
Loading…
Reference in New Issue