Skip to content

Instantly share code, notes, and snippets.

View cjeanner's full-sized avatar

Cédric Jeanneret cjeanner

10 followers · 0 following
View GitHub Profile
@cjeanner
cjeanner / tlsconfig.yaml
Last active May 25, 2018 15:09
tls-ansible
---
- name: get parameters
set_fact:
cert_path: {get_param: DeployedSSLCertificatePath}
cert_content: {get_param: SSLCertificate}
chain_content: {get_param: SSLIntermediateCertificate}
key_content: {get_param: SSLKey}
no_log: true
- name: get DeployedSSLCertificatePath attributes
@cjeanner
cjeanner / validation_example.yaml
Created August 14, 2018 08:59
Possible way to run validations from t-h-t
heat_template_version: rocky
description: >
OpenStack containerized Cinder API service
parameters: {}
outputs:
role_data: {}
...
@cjeanner
cjeanner / log.txt
Created August 16, 2018 10:38
paunch error
2018-08-16 10:34:32.735 1613 ERROR tripleoclient.v1.tripleo_deploy.Deploy [ ] [
[
"Debug output for task which failed: Start containers for step 1",
{
"changed": false,
"failed_when_result": true,
"_ansible_no_log": false,
"_ansible_verbose_always": true,
"outputs.stdout_lines | default([]) | union(outputs.stderr_lines | default([]))": [
"'module' object has no attribute 'PodmanBuilder'",
@cjeanner
cjeanner / podman-cert_t.te
Created August 22, 2018 14:26
podman-cert_t.te
module podman-cert_t 1.0;
require {
type cert_t;
type container_t;
class file { open read };
class dir read;
}
#============= container_t ==============
@cjeanner
cjeanner / podman-ovs.te
Created August 22, 2018 14:27
podman-ovs
module podman-ovs 1.0;
require {
type openvswitch_t;
type container_t;
class unix_stream_socket connectto;
}
#============= container_t ==============
@cjeanner
cjeanner / default.md
Created August 28, 2018 13:03
podman.diff

diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 5b41317d9..ac7c85325 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -100,7 +100,7 @@ file: path: /var/lib/kolla/config_files state: directory

  •        setype: svirt_sandbox_file_t
  • setype: container_var_lib_t
@cjeanner
cjeanner / Dockerfile
Created September 3, 2018 12:21
podman-builder
FROM centos:latest
RUN yum update -y && \
yum install -y atomic-registries \
btrfs-progs-devel \
conmon \
containernetworking-cni \
device-mapper-devel \
git \
glib2-devel \
glibc-devel \
@cjeanner
cjeanner / podman-list.txt
Created October 2, 2018 14:44
podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES IS INFRA
88d30d241d7f docker.io/tripleomaster/centos-binary-nova-api:1e2db34c7fabe8591b3a84edaf92e313016caaaa_9e598812 /usr/bin/bootstrap_... 10 minutes ago Exited (0) 10 minutes ago nova_online_migrations false
1e32a2fa2c0d docker.io/tripleomaster/centos-binary-ironic-api:1e2db34c7fabe8591b3a84edaf92e313016caaaa_9e598812 /usr/bin/bootstrap_... 10 minutes ago Exited (0) 10 minutes ago ironic_online_migrations false
ce94f8ec6469 docker.io/tripleomaster/centos-binary-nova-api:1e2db34c7fabe8591b3a84edaf92e313016caaaa_9e598812 /usr/bin/bootstrap_... 11 minutes ago Exited (0) 10 minutes ago nova_api_discover_hosts
@cjeanner
cjeanner / TODO
Last active October 2, 2018 18:05
podman-in-podman and selinux
[root@undercloud ~]# podman run --rm --user root -ti --security-opt label=disable -v /var/lib/containers:/var/lib/containers:rw -v /etc/containers:/etc/containers:ro -v /usr/bin:/usr/bin:ro -v /dev/shm:/dev/shm:rw -v /usr/libexec/podman/conmon:/usr/libexec/podman/conmon:ro -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2:ro -v /usr/lib64/libseccomp.so.2.3.1:/usr/lib64/libseccomp.so.2.3.1:ro docker.io/tripleomaster/centos-binary-neutron-server:965941f1e62cef16967e7a7cd6d98263e52acb62_0989b280 /bin/bash
()[root@f79e547c44ef /]# podman ps
ERRO[0000] 'overlay' is not supported over xfs at "/var/lib/containers/storage/overlay"
error creating libpod runtime: kernel does not support overlay fs: 'overlay' is not supported over xfs at "/var/lib/containers/storage/overlay": backing file system is unsupported for this graph driver
()[root@f79e547c44ef /]#
@cjeanner
cjeanner / foo
Created October 2, 2018 18:44
error
-bash-4.2# podman --log-level=debug pull 192.168.24.1:8787/tripleomaster/centos-binary-heat-engine:current-tripleo-updated-20181002154658
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] overlay: override_kernelcheck=true
DEBU[0000] overlay test mount with multiple lowers succeeded
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=true
INFO[0000] Found CNI network podman (type=bridge) at /etc/cni/net.d/87-podman-bridge.conflist
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db
DEBU[0000] Set libpod namespace to ""
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/var/run/containers/storage:overlay.override_kernel_check=true]192.168.24.1:8787/tripleomaster/centos-binary-heat-engine
:current-tripleo-updated-20181002154658"