]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commit
projects / ceph-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c618712) | patch
Turn off SELinux separation for containers MON and RGW
authorTeoman ONAY <tonay@redhat.com>
Mon, 7 Mar 2022 09:31:14 +0000 (10:31 +0100)
committerGuillaume Abrioux <gabrioux@redhat.com>
Thu, 10 Mar 2022 15:16:04 +0000 (16:16 +0100)
commitf1f64f0f4f458135e8a9cd880ad63250826d7e3a
tree0581718ebf8fbfc8639154a21462e4812d1c2ef7tree | snapshot
parentc618712f1462fbb5f8431b98780a01d70034837fcommit | diff
Turn off SELinux separation for containers MON and RGW

Initially MONs and RGW binded /etc/pki/ca-trust/extracted using the :z flag
(introduced to solve an OSP TripleO issue on RHEL - #3638) but using
this flag prevents local services (like sssd) running on the host from accessing
the certificates/files in that folder.

Signed-off-by: Teoman ONAY <tonay@redhat.com>
(cherry picked from commit 7e8ce2567ec7f163c763547252a7a5bcc983fd98)
roles/ceph-container-common/tasks/prerequisites.yml diff | blob | history
roles/ceph-mon/templates/ceph-mon.service.j2 diff | blob | history
roles/ceph-rgw/templates/ceph-radosgw.service.j2 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.