From 74d8e65040ce007f18bf4ab518b454e288e4b699 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Wed, 26 Sep 2018 17:09:59 +0200 Subject: [PATCH] Do not load dm-multipath module from the container The module must be loaded from the host directly in order to avoid any SELinux issues. There are examples in kolla-ansible and tripleo-heat-templates: - https://review.openstack.org/#/c/605624/ - https://review.openstack.org/#/c/605450/ Change-Id: Ieebb2564e816d83ec4111c211677f0a44488a224 Related-Bug: 1794550 --- docker/multipathd/Dockerfile.j2 | 3 --- docker/multipathd/extend_start.sh | 2 -- releasenotes/notes/do-not-load-modules-9b651e40d3479c39.yaml | 4 ++++ 3 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 docker/multipathd/extend_start.sh create mode 100644 releasenotes/notes/do-not-load-modules-9b651e40d3479c39.yaml diff --git a/docker/multipathd/Dockerfile.j2 b/docker/multipathd/Dockerfile.j2 index e2fcba2e5b..60c8774c8c 100644 --- a/docker/multipathd/Dockerfile.j2 +++ b/docker/multipathd/Dockerfile.j2 @@ -13,8 +13,5 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {{ macros.install_packages(multipathd_packages | customizable("packages")) }} -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start - {% block multipathd_footer %}{% endblock %} {% block footer %}{% endblock %} diff --git a/docker/multipathd/extend_start.sh b/docker/multipathd/extend_start.sh deleted file mode 100644 index 42c145da3b..0000000000 --- a/docker/multipathd/extend_start.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -modprobe dm-multipath diff --git a/releasenotes/notes/do-not-load-modules-9b651e40d3479c39.yaml b/releasenotes/notes/do-not-load-modules-9b651e40d3479c39.yaml new file mode 100644 index 0000000000..87c1ac0aea --- /dev/null +++ b/releasenotes/notes/do-not-load-modules-9b651e40d3479c39.yaml 
@@ -0,0 +1,4 @@
+---
+upgrade:
+ - Remove kernel module loading from within containers. This must now be done
+ on the host directly.