fix apparmor profile for non-standard nova home

Code Issues Proposed changes

in cases when non-standard path to nova instances is configured with nova_system_home_folder variable there may be problems with instances spawning due to libvirt virt-aa-helper missing permission in apparmor profile, this commit resolves this
Change-Id: I3d37eb5a9635044570690370dfcbc060ff4d9e49

This commit is contained in:

Aleksandr Chudinov

2024年03月12日 15:51:49 +02:00

parent bfa8e12fcc

commit 7bec243c62

2 changed files with 22 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

5
handlers/main.yml

View File

@@ -88,3 +88,8 @@

- "venv changed"

- "cert installed"

- "systemd service changed"

- name:Reload apparmor profile

ansible.builtin.service:

name:apparmor.service

state:reloaded

17
tasks/drivers/kvm/nova_compute_kvm.yml

View File

@@ -135,6 +135,23 @@

- nova-kvm

- nova-libvirt

- name:Set apparmor config (Ubuntu/Debian)

lineinfile:

dest:"/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper"

line:" {{ nova_system_home_folder }}/instances/_base/* r,"

backup:true

create:true

owner:"root"

group:"root"

mode:"0644"

when:

- ansible_facts['distribution'] == 'Ubuntu' or ansible_facts['distribution'] == 'Debian'

notify:Reload apparmor profile

tags:

- nova-config

- nova-kvm

- nova-libvirt

- name:Including nova_disable_smt tasks

include_tasks:nova_disable_smt.yml

when: