]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commit
projects / ceph-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 45b3e50) | patch
Turn off SELinux separation for containers MON and RGW
authorTeoman ONAY <tonay@redhat.com>
Mon, 7 Mar 2022 09:31:14 +0000 (10:31 +0100)
committerGuillaume Abrioux <gabrioux@redhat.com>
Mon, 9 May 2022 11:44:04 +0000 (13:44 +0200)
commitb22e1b87d12d7374f2a76b63d37877b84a3b0e03
tree832dd02ca9818eea02b1e7907f65d5d16396fb36tree | snapshot
parent45b3e50e25e6a94d2b841773ed0902032ae41b01commit | diff
Turn off SELinux separation for containers MON and RGW

Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 7e8ce2567ec7f163c763547252a7a5bcc983fd98)
(cherry picked from commit cf44ad76f6858520bae97940bb3aaf171f74e24c)
roles/ceph-container-common/tasks/prerequisites.yml diff | blob | history
roles/ceph-mon/templates/ceph-mon.service.j2 diff | blob | history
roles/ceph-rgw/templates/ceph-radosgw.service.j2 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.