Merge "Remove disable-selinux from default DIB elements"

2023-10-26 15:38:50 +00:00 · 2023-10-26 15:38:50 +00:00 · 6c9957f3c5
commit 6c9957f3c5
parent b250fbc10e d149118449
7 changed files with 20 additions and 36 deletions
--- a/ansible/inventory/group_vars/all/bifrost
+++ b/ansible/inventory/group_vars/all/bifrost
@ -28,11 +28,8 @@ kolla_bifrost_dib_os_element: "{{ os_distribution }}"
 # DIB image OS release. Default is {{ os_release }}.
 kolla_bifrost_dib_os_release: "{{ os_release }}"
-# List of default DIB elements. Default is ["disable-selinux",
+# List of default DIB elements. Default is ["enable-serial-console", "vm"].
 # "enable-serial-console", "vm"] when os_distribution is "centos" or "rocky",
 # ["enable-serial-console", "vm"] otherwise.
 kolla_bifrost_dib_elements_default:
  - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
  - "enable-serial-console"
  - "vm"
--- a/ansible/inventory/group_vars/all/overcloud-dib
+++ b/ansible/inventory/group_vars/all/overcloud-dib
@ -32,17 +32,11 @@ overcloud_dib_os_element: "{{ 'rocky-container' if os_distribution == 'rocky' el
 # DIB image OS release. Default is {{ os_release }}.
 overcloud_dib_os_release: "{{ os_release }}"
-# List of default DIB elements. Default is ["centos", "cloud-init-datasources",
+# List of default DIB elements. Default is ["{{ overcloud_dib_os_element }}",
-# "disable-selinux", "enable-serial-console", "vm"] when
+# "cloud-init-datasources", "enable-serial-console", "vm"].
 # overcloud_dib_os_element is "centos", or ["rocky-container",
 # "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"]
 # when overcloud_dib_os_element is "rocky" or
 # ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]
 # when overcloud_dib_os_element is "ubuntu".
 overcloud_dib_elements_default:
  - "{{ overcloud_dib_os_element }}"
  - "cloud-init-datasources"
  - "{% if overcloud_dib_os_element in ['centos', 'rocky'] %}disable-selinux{% endif %}"
  - "enable-serial-console"
  - "vm"
--- a/doc/source/configuration/reference/bifrost.rst
+++ b/doc/source/configuration/reference/bifrost.rst
@ -64,11 +64,9 @@ the default method of building images with
    *Added in the Train release. Use kolla_bifrost_dib_elements in earlier
    releases.*
-    List of default DIB elements. Default is ``["disable-selinux",
+    List of default DIB elements. Default is ``["enable-serial-console",
-    "enable-serial-console", "vm"]`` when ``os_distribution`` is ``centos`` or
+    "vm"]``. The ``vm`` element is poorly named, and causes DIB to build a
-    ``rocky``, ``["enable-serial-console", "vm"]`` otherwise. The ``vm`` element
+    whole disk image rather than a single partition.
    is poorly named, and causes DIB to build a whole disk image rather than a
    single partition.
 ``kolla_bifrost_dib_elements_extra``
    *Added in the Train release. Use kolla_bifrost_dib_elements in earlier
    releases.*
--- a/doc/source/configuration/reference/overcloud-dib.rst
+++ b/doc/source/configuration/reference/overcloud-dib.rst
@ -55,15 +55,10 @@ the configuration drive built by Bifrost during provisioning.
 ``overcloud_dib_os_release``
    DIB image OS release. Default is ``{{ os_release }}``.
 ``overcloud_dib_elements_default``
-    List of default DIB elements. Default is ``["centos",
+    List of default DIB elements. Default is ``["{{ overcloud_dib_os_element
-    "cloud-init-datasources", "disable-selinux", "enable-serial-console",
+    }}", "cloud-init-datasources", "enable-serial-console", "vm"]``. The ``vm``
-    "vm"]`` when ``overcloud_dib_os_element`` is ``centos``, or
+    element is poorly named, and causes DIB to build a whole disk image rather
-    ``["rocky-container", "cloud-init-datasources", "disable-selinux",
+    than a single partition.
    "enable-serial-console", "vm"]`` when overcloud_dib_os_element is ``rocky``
    or ``["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]``
    when ``overcloud_dib_os_element`` is ``ubuntu``. The ``vm`` element is
    poorly named, and causes DIB to build a whole disk image rather than a
    single partition.
 ``overcloud_dib_elements_extra``
    List of additional DIB elements. Default is none.
 ``overcloud_dib_elements``
--- a/etc/kayobe/bifrost.yml
+++ b/etc/kayobe/bifrost.yml
@ -28,9 +28,7 @@
 # DIB image OS release. Default is {{ os_release }}.
 #kolla_bifrost_dib_os_release:
-# List of default DIB elements. Default is ["disable-selinux",
+# List of default DIB elements. Default is ["enable-serial-console", "vm"].
 # "enable-serial-console", "vm"] when os_distribution is "centos", or
 # ["enable-serial-console", "vm"] otherwise.
 #kolla_bifrost_dib_elements_default:
 # List of additional DIB elements. Default is none.
--- a/etc/kayobe/overcloud-dib.yml
+++ b/etc/kayobe/overcloud-dib.yml
@ -28,13 +28,8 @@
 # DIB image OS release. Default is {{ os_release }}.
 #overcloud_dib_os_release:
-# List of default DIB elements. Default is ["centos", "cloud-init-datasources",
+# List of default DIB elements. Default is ["{{ overcloud_dib_os_element }}",
-# "disable-selinux", "enable-serial-console", "vm"] when
+# "cloud-init-datasources", "enable-serial-console", "vm"].
 # overcloud_dib_os_element is "centos", or ["rocky-container",
 # "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"]
 # when overcloud_dib_os_element is "rocky" or
 # ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]
 # when overcloud_dib_os_element is "ubuntu".
 #overcloud_dib_elements_default:
 # List of additional DIB elements. Default is none.
--- a/releasenotes/notes/dib-remove-disable-selinux-11c4fb8823c005fa.yaml
+++ b/releasenotes/notes/dib-remove-disable-selinux-11c4fb8823c005fa.yaml
@ -0,0 +1,7 @@
 ---
 upgrade:
  - |
    Removes the ``disable-selinux`` element from the default lists of DIB
    elements. This makes host images more compatible with the default SELinux
    configuration applied by Kayobe, which is ``permissive`` since the Zed
    release.