]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commit
projects / ceph-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fdf2016) | patch
Turn off SELinux separation for containers MON and RGW
authorTeoman ONAY <tonay@redhat.com>
Mon, 7 Mar 2022 09:31:14 +0000 (10:31 +0100)
committerGuillaume Abrioux <gabrioux@redhat.com>
Thu, 10 Mar 2022 15:17:35 +0000 (16:17 +0100)
commitde447d168e195fdc84de91fc90638780712aeed1
treeff59456ff2c7c05f86ebbdea922bc7e1bb250e84tree | snapshot
parentfdf201686e830e37653717e4e603826fb586a611commit | diff
Turn off SELinux separation for containers MON and RGW

Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 7e8ce2567ec7f163c763547252a7a5bcc983fd98)
roles/ceph-container-common/tasks/prerequisites.yml diff | blob | history
roles/ceph-mon/templates/ceph-mon.service.j2 diff | blob | history
roles/ceph-rgw/templates/ceph-radosgw.service.j2 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.