From ae1ab563e54be81b723cfd6f619d500e2de94835 Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Tue, 10 Apr 2018 09:35:11 -0700 Subject: [PATCH] Move o-hm0 dhcp config under /etc/dhcp Apparmor will block dhclient from accessing the o-hm0 configuration file under /etc/octavia. This patch moves our dhclient.conf under /etc/dhcp/octavia to allow the dhclient to access the file when apparmor is running. Change-Id: I3153f8bd9237470f406a9edeb4e2a0767fc747b8 Story: 1673269 Task: 5434 --- devstack/plugin.sh | 4 ++-- devstack/settings | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/devstack/plugin.sh b/devstack/plugin.sh index ae9ef9d3b8..cba0058f0e 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -305,8 +305,8 @@ function octavia_configure { fi # create dhclient.conf file for dhclient - mkdir -m755 -p $OCTAVIA_DHCLIENT_DIR - cp $OCTAVIA_DIR/etc/dhcp/dhclient.conf $OCTAVIA_DHCLIENT_CONF + sudo mkdir -m755 -p $OCTAVIA_DHCLIENT_DIR + sudo cp $OCTAVIA_DIR/etc/dhcp/dhclient.conf $OCTAVIA_DHCLIENT_CONF if [[ "$OCTAVIA_USE_MOD_WSGI" == "True" ]]; then if [[ "$WSGI_MODE" == "uwsgi" ]]; then diff --git a/devstack/settings b/devstack/settings index 52a428f55a..3a4c2bdb1c 100644 --- a/devstack/settings +++ b/devstack/settings @@ -9,7 +9,9 @@ OCTAVIA_BIN_DIR=${OCTAVIA_BIN_DIR:-$(get_python_exec_prefix)} OCTAVIA_CONF_DIR=${OCTAVIA_CONF_DIR:-"/etc/octavia"} OCTAVIA_SSH_DIR=${OCTAVIA_SSH_DIR:-${OCTAVIA_CONF_DIR}/.ssh} OCTAVIA_CERTS_DIR=${OCTAVIA_CERTS_DIR:-${OCTAVIA_CONF_DIR}/certs} -OCTAVIA_DHCLIENT_DIR=${OCTAVIA_DHCLIENT_DIR:-${OCTAVIA_CONF_DIR}/dhcp} +# This needs to be under /etc/dhcp for apparmor +# See https://storyboard.openstack.org/#!/story/1673269 +OCTAVIA_DHCLIENT_DIR=${OCTAVIA_DHCLIENT_DIR:-"/etc/dhcp/octavia"} OCTAVIA_DHCLIENT_CONF=${OCTAVIA_DHCLIENT_CONF:-${OCTAVIA_DHCLIENT_DIR}/dhclient.conf} OCTAVIA_CONF=${OCTAVIA_CONF:-${OCTAVIA_CONF_DIR}/octavia.conf} OCTAVIA_TEMPEST_DIR=${OCTAVIA_TEMPEST_DIR:-${OCTAVIA_DIR}/octavia/tests/tempest}