Skip to content

Commit

Permalink
Add :z to volume mount to fix the selinux context.
Browse files Browse the repository at this point in the history 
After merge of [1], In Downstream cockpit, triggering ruck_rover.py
commands from inside telegraf_py3 container are failing with below
error because of selinux issues.

~~~
[root@telegraf_py3 /]# ./usr/local/bin/ruck_rover.py --release osp16-2 --distro rhel-8 --component ui --influx
.
.
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

[root@telegraf_py3 pki]# ls
ls: cannot open directory '.': Permission denied
~~~

We are not hitting above issue if we set selinux to
permissive mode(setenforce 0) on host.

As per[2], adding z to mount will automatically set the correct selinux
context on host directory, docker will do this automatically
"chcon -Rt svirt_sandbox_file_t /etc/pki".

[1] https://review.rdoproject.org/r/c/rdo-infra/ci-config/+/39335
[2] https://web.archive.org/web/20190728100417/https://www.projectatomic.io/blog/2015/06/using-volumes-with-docker-can-cause-problems-with-selinux/

Change-Id: Ib7a1dd246a7e23aa00b72e911beb87d3b096c137
  • Loading branch information
@Sandeepyadav93
Sandeepyadav93 authored and Zuul CI committed Apr 7, 2022
1 parent 57660c6 commit ef60d16
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ci-scripts/infra-setup/roles/rrcockpit/files/docker-compose.yml
View file
Expand Up @@ -84,7 +84,7 @@ services:
- influxdb
volumes:
- telegraf-volume:/tmp/telegraf_py3
- /etc/pki/:/etc/pki/
- /etc/pki/:/etc/pki/:z

compare_rpms:
build: compare_rpms
Expand Down

0 comments on commit ef60d16

Please sign in to comment.