Add proper permission for selinux

author Sébastien Han <seb@redhat.com>

Wed, 21 Oct 2015 10:02:50 +0000 (12:02 +0200)

committer Sébastien Han <seb@redhat.com>

Wed, 21 Oct 2015 10:11:32 +0000 (12:11 +0200)
author Sébastien Han <seb@redhat.com>
Wed, 21 Oct 2015 10:02:50 +0000 (12:02 +0200)
committer Sébastien Han <seb@redhat.com>
Wed, 21 Oct 2015 10:11:32 +0000 (12:11 +0200)
diff --git a/roles/ceph-mds/tasks/docker/main.yml b/roles/ceph-mds/tasks/docker/main.yml

index fe9ca1d53c7bdaeaea02ac8f7a5d045654d7b75f..1c92d484560423187b6f41f3724b64b7e459819c 100644 (file)
--- a/roles/ceph-mds/tasks/docker/main.yml
+++ b/roles/ceph-mds/tasks/docker/main.yml
@@ -9,5 +9,8 @@
    when: ceph_health.rc != 0
  
  - include: pre_requisite.yml
+- include: selinux.yml
+  when: ansible_os_family == 'RedHat'
+
  - include: fetch_configs.yml
  - include: start_docker_mds.yml
diff --git a/roles/ceph-mds/tasks/docker/selinux.yml b/roles/ceph-mds/tasks/docker/selinux.yml

new file mode 100644 (file)

index 0000000..3630824
--- /dev/null
+++ b/roles/ceph-mds/tasks/docker/selinux.yml
@@ -0,0 +1,13 @@
+---
+- name: check if selinux is enabled
+  command: getenforce
+  register: sestatus
+  changed_when: false
+
+- name: set selinux permissions
+  shell: chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - /etc/ceph
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'
diff --git a/roles/ceph-mon/tasks/docker/main.yml b/roles/ceph-mon/tasks/docker/main.yml

index d59291b153a5b1ebe8ed6e0b707fbbf5a2eef25f..22489ff99921b230f8839537802850846b1fefd0 100644 (file)
--- a/roles/ceph-mon/tasks/docker/main.yml
+++ b/roles/ceph-mon/tasks/docker/main.yml
@@ -9,6 +9,9 @@
    when: ceph_health.rc != 0
  
  - include: pre_requisite.yml
+- include: selinux.yml
+  when: ansible_os_family == 'RedHat'
+
  - include: fetch_configs.yml
  - include: start_docker_monitor.yml
  - include: copy_configs.yml
diff --git a/roles/ceph-mon/tasks/docker/selinux.yml b/roles/ceph-mon/tasks/docker/selinux.yml

new file mode 100644 (file)

index 0000000..3630824
--- /dev/null
+++ b/roles/ceph-mon/tasks/docker/selinux.yml
@@ -0,0 +1,13 @@
+---
+- name: check if selinux is enabled
+  command: getenforce
+  register: sestatus
+  changed_when: false
+
+- name: set selinux permissions
+  shell: chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - /etc/ceph
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'
diff --git a/roles/ceph-osd/tasks/docker/main.yml b/roles/ceph-osd/tasks/docker/main.yml

index 956ac924e833984146a20de974356c18737461f8..b0a2a27fda2f6cd8dfc1137425f6c87643715f3d 100644 (file)
--- a/roles/ceph-osd/tasks/docker/main.yml
+++ b/roles/ceph-osd/tasks/docker/main.yml
@@ -9,5 +9,8 @@
    when: ceph_health.rc != 0
  
  - include: pre_requisite.yml
+- include: selinux.yml
+  when: ansible_os_family == 'RedHat'
+
  - include: fetch_configs.yml
  - include: start_docker_osd.yml
diff --git a/roles/ceph-osd/tasks/docker/selinux.yml b/roles/ceph-osd/tasks/docker/selinux.yml

new file mode 100644 (file)

index 0000000..3630824
--- /dev/null
+++ b/roles/ceph-osd/tasks/docker/selinux.yml
@@ -0,0 +1,13 @@
+---
+- name: check if selinux is enabled
+  command: getenforce
+  register: sestatus
+  changed_when: false
+
+- name: set selinux permissions
+  shell: chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - /etc/ceph
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'
diff --git a/roles/ceph-rgw/tasks/docker/main.yml b/roles/ceph-rgw/tasks/docker/main.yml

index 48ef901b9a372c5d0190b7dc1efc8bc24fe98da9..ffd5db2e60a960be6f78b0a17fe64d3c8b546939 100644 (file)
--- a/roles/ceph-rgw/tasks/docker/main.yml
+++ b/roles/ceph-rgw/tasks/docker/main.yml
@@ -9,5 +9,8 @@
    when: ceph_health.rc != 0
  
  - include: pre_requisite.yml
+- include: selinux.yml
+  when: ansible_os_family == 'RedHat'
+
  - include: fetch_configs.yml
  - include: start_docker_rgw.yml
diff --git a/roles/ceph-rgw/tasks/docker/selinux.yml b/roles/ceph-rgw/tasks/docker/selinux.yml

new file mode 100644 (file)

index 0000000..3630824
--- /dev/null
+++ b/roles/ceph-rgw/tasks/docker/selinux.yml
@@ -0,0 +1,13 @@
+---
+- name: check if selinux is enabled
+  command: getenforce
+  register: sestatus
+  changed_when: false
+
+- name: set selinux permissions
+  shell: chcon -Rt svirt_sandbox_file_t {{ item }}
+  with_items:
+    - /etc/ceph
+    - /var/lib/ceph
+  changed_when: false
+  when: sestatus.stdout != 'Disabled'
author	Sébastien Han <seb@redhat.com>
	Wed, 21 Oct 2015 10:02:50 +0000 (12:02 +0200)
committer	Sébastien Han <seb@redhat.com>
	Wed, 21 Oct 2015 10:11:32 +0000 (12:11 +0200)
roles/ceph-mds/tasks/docker/main.yml		patch \| blob \| history
roles/ceph-mds/tasks/docker/selinux.yml	[new file with mode: 0644]	patch \| blob
roles/ceph-mon/tasks/docker/main.yml		patch \| blob \| history
roles/ceph-mon/tasks/docker/selinux.yml	[new file with mode: 0644]	patch \| blob
roles/ceph-osd/tasks/docker/main.yml		patch \| blob \| history
roles/ceph-osd/tasks/docker/selinux.yml	[new file with mode: 0644]	patch \| blob
roles/ceph-rgw/tasks/docker/main.yml		patch \| blob \| history
roles/ceph-rgw/tasks/docker/selinux.yml	[new file with mode: 0644]	patch \| blob