From 64a8eae55bf09c6b258563230329a8f205a7bc3d Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Mon, 28 Nov 2016 19:41:19 -0500
Subject: fix selinux issues with etcd container

Make it so that we don't relabel /etc/etcd/ (via `:z`) on every run.
Doing this causes systemd to fail accessing /etc/etcd/etcd.conf when
trying to run the systemd unit file on the next run. Convert it from
`:z` to `:ro` since we only need read-only access to the files.

Fixes #2811
---
 roles/etcd/templates/etcd.docker.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service
index cf957ede8..ae059b549 100644
--- a/roles/etcd/templates/etcd.docker.service
+++ b/roles/etcd/templates/etcd.docker.service
@@ -7,7 +7,7 @@ PartOf=docker.service
 [Service]
 EnvironmentFile=/etc/etcd/etcd.conf
 ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }}
-ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
+ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }}
 ExecStop=/usr/bin/docker stop {{ etcd_service }}
 SyslogIdentifier=etcd_container
 Restart=always
-- 
cgit v1.2.3