Merge ~cjwatson/turnip:storage-lxd-profile into turnip:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 3bf3d0d2f486551daf7363c824f3d7aef3924adf
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/turnip:storage-lxd-profile
Merge into: turnip:master
Diff against target: 16 lines (+10/-0)
1 file modified
charm/layer/turnip-storage/lxd-profile.yaml (+10/-0)
Reviewer: Simon Davy (community)
Review status: Approve
Review via email: mp+372421@code.launchpad.net

Commit message

Add LXD profile for turnip-storage charms

This works as of Juju 2.5.0, and removes the need to set a custom
profile for the whole model to allow NFS mounting.

~cjwatson/turnip:storage-lxd-profile updated
3bf3d0d... by Colin Watson

Mark turnip-storage containers as privileged

Linux doesn't mark NFS as usable in user namespaces, so without
security.privileged=true the mount will fail with EPERM.

Simon Davy (bloodearnest) :
review: Approve

Preview Diff

1diff --git a/charm/layer/turnip-storage/lxd-profile.yaml b/charm/layer/turnip-storage/lxd-profile.yaml
2new file mode 100644
3index 0000000..52ba2e3
4--- /dev/null
5+++ b/charm/layer/turnip-storage/lxd-profile.yaml
6@@ -0,0 +1,10 @@
7+name: turnip-storage
8+config:
9+ raw.apparmor: |
10+ mount fstype=nfs,
11+ mount fstype=nfs4,
12+ mount fstype=nfsd,
13+ mount fstype=rpc_pipefs,
14+ security.privileged: true
15+description: "Allow NFS mounting for turnip storage"
16+devices: {}
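
Review bot: the `security.privileged: true` line at the end of `config` turns off user-namespace isolation for every turnip-storage container, so root inside the container is root on the host, and the only justification for that (NFS mounts fail with EPERM in user namespaces) lives in the commit message rather than in the profile. Record the reason in the file itself, for example by extending `description` beyond "Allow NFS mounting for turnip storage" to say the container is privileged because NFS cannot be mounted from a user namespace, so the setting is not copied into other profiles or kept after the restriction no longer applies. It is also worth confirming that `mount fstype=nfsd,` is needed: the description and commit message only mention mounting NFS, and every extra rule in `raw.apparmor` widens what an already privileged container may mount.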
