diff --git a/roles/ceph-mds/tasks/docker/main.yml b/roles/ceph-mds/tasks/docker/main.yml index fe9ca1d53..1c92d4845 100644 --- a/roles/ceph-mds/tasks/docker/main.yml +++ b/roles/ceph-mds/tasks/docker/main.yml @@ -9,5 +9,8 @@ when: ceph_health.rc != 0 - include: pre_requisite.yml +- include: selinux.yml + when: ansible_os_family == 'RedHat' + - include: fetch_configs.yml - include: start_docker_mds.yml diff --git a/roles/ceph-mds/tasks/docker/selinux.yml b/roles/ceph-mds/tasks/docker/selinux.yml new file mode 100644 index 000000000..3630824d7 --- /dev/null +++ b/roles/ceph-mds/tasks/docker/selinux.yml @@ -0,0 +1,13 @@ +--- +- name: check if selinux is enabled + command: getenforce + register: sestatus + changed_when: false + +- name: set selinux permissions + shell: chcon -Rt svirt_sandbox_file_t {{ item }} + with_items: + - /etc/ceph + - /var/lib/ceph + changed_when: false + when: sestatus.stdout != 'Disabled' diff --git a/roles/ceph-mon/tasks/docker/main.yml b/roles/ceph-mon/tasks/docker/main.yml index d59291b15..22489ff99 100644 --- a/roles/ceph-mon/tasks/docker/main.yml +++ b/roles/ceph-mon/tasks/docker/main.yml @@ -9,6 +9,9 @@ when: ceph_health.rc != 0 - include: pre_requisite.yml +- include: selinux.yml + when: ansible_os_family == 'RedHat' + - include: fetch_configs.yml - include: start_docker_monitor.yml - include: copy_configs.yml diff --git a/roles/ceph-mon/tasks/docker/selinux.yml b/roles/ceph-mon/tasks/docker/selinux.yml new file mode 100644 index 000000000..3630824d7 --- /dev/null +++ b/roles/ceph-mon/tasks/docker/selinux.yml @@ -0,0 +1,13 @@ +--- +- name: check if selinux is enabled + command: getenforce + register: sestatus + changed_when: false + +- name: set selinux permissions + shell: chcon -Rt svirt_sandbox_file_t {{ item }} + with_items: + - /etc/ceph + - /var/lib/ceph + changed_when: false + when: sestatus.stdout != 'Disabled' diff --git a/roles/ceph-osd/tasks/docker/main.yml b/roles/ceph-osd/tasks/docker/main.yml index 956ac924e..b0a2a27fd 100644 --- a/roles/ceph-osd/tasks/docker/main.yml +++ b/roles/ceph-osd/tasks/docker/main.yml @@ -9,5 +9,8 @@ when: ceph_health.rc != 0 - include: pre_requisite.yml +- include: selinux.yml + when: ansible_os_family == 'RedHat' + - include: fetch_configs.yml - include: start_docker_osd.yml diff --git a/roles/ceph-osd/tasks/docker/selinux.yml b/roles/ceph-osd/tasks/docker/selinux.yml new file mode 100644 index 000000000..3630824d7 --- /dev/null +++ b/roles/ceph-osd/tasks/docker/selinux.yml @@ -0,0 +1,13 @@ +--- +- name: check if selinux is enabled + command: getenforce + register: sestatus + changed_when: false + +- name: set selinux permissions + shell: chcon -Rt svirt_sandbox_file_t {{ item }} + with_items: + - /etc/ceph + - /var/lib/ceph + changed_when: false + when: sestatus.stdout != 'Disabled' diff --git a/roles/ceph-rgw/tasks/docker/main.yml b/roles/ceph-rgw/tasks/docker/main.yml index 48ef901b9..ffd5db2e6 100644 --- a/roles/ceph-rgw/tasks/docker/main.yml +++ b/roles/ceph-rgw/tasks/docker/main.yml @@ -9,5 +9,8 @@ when: ceph_health.rc != 0 - include: pre_requisite.yml +- include: selinux.yml + when: ansible_os_family == 'RedHat' + - include: fetch_configs.yml - include: start_docker_rgw.yml diff --git a/roles/ceph-rgw/tasks/docker/selinux.yml b/roles/ceph-rgw/tasks/docker/selinux.yml new file mode 100644 index 000000000..3630824d7 --- /dev/null +++ b/roles/ceph-rgw/tasks/docker/selinux.yml @@ -0,0 +1,13 @@ +--- +- name: check if selinux is enabled + command: getenforce + register: sestatus + changed_when: false + +- name: set selinux permissions + shell: chcon -Rt svirt_sandbox_file_t {{ item }} + with_items: + - /etc/ceph + - /var/lib/ceph + changed_when: false + when: sestatus.stdout != 'Disabled'