From: John McEleney Date: Wed, 19 Apr 2017 09:12:04 +0000 (+0100) Subject: Apparmor on Ubuntu Xenial will not permit containers to mount devices, even with... X-Git-Tag: v2.3.0rc1~44^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f1388dc2c211c68e2c0b8e89fde86c1bc205c45a;p=ceph-ansible.git Apparmor on Ubuntu Xenial will not permit containers to mount devices, even with CAP SYS_ADMIN. --- diff --git a/roles/ceph-osd/templates/ceph-osd-run.sh.j2 b/roles/ceph-osd/templates/ceph-osd-run.sh.j2 index 8ddd5fff7..bf5ee9b38 100644 --- a/roles/ceph-osd/templates/ceph-osd-run.sh.j2 +++ b/roles/ceph-osd/templates/ceph-osd-run.sh.j2 @@ -24,6 +24,9 @@ fi --rm \ --net=host \ --cap-add SYS_ADMIN \ + {% if ansible_distribution == 'Ubuntu' -%} + --security-opt apparmor:unconfined \ + {% endif -%} --pid=host \ {% if not osd_containerized_deployment_with_kv -%} -v /var/lib/ceph:/var/lib/ceph \
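Review bot: The `{% if ansible_distribution == 'Ubuntu' -%}` guard around `--security-opt apparmor:unconfined` is wider than the commit message, which names Ubuntu Xenial only. As written, every Ubuntu host starts the OSD container with no AppArmor profile at all, on top of `--cap-add SYS_ADMIN`, `--net=host` and `--pid=host`. Consider narrowing the condition (for example by also testing `ansible_distribution_release`) or putting it behind a role variable that defaults to off. Instead of `unconfined`, consider loading a dedicated AppArmor profile that allows only the mount operations the OSD needs. A short comment in the template saying why the profile is disabled would help whoever revisits this line.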