Have selinux allow docker<=>nginx communication

0551f36d · Toshio Kuratomi · cfda5690 · 0551f36d · 0551f36d
Commit 0551f36d authored Mar 18, 2015 by Toshio Kuratomi
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletions

test/integration/roles/test_docker/tasks/docker-tests.yml
+4 -1

test/integration/roles/test_docker/tasks/registry-tests.yml
+14 -0

No files found.
--- a/test/integration/roles/test_docker/tasks/docker-tests.yml
+++ b/test/integration/roles/test_docker/tasks/docker-tests.yml
@@ -72,5 +72,8 @@
    that:
      - "'hello world' in docker_output.stdout_lines"
- name: Remove the busybox image from the local docker
+- name: Remove containers
+  shell: "docker rm $(docker ps -aq)"
+- name: Remove all images from the local docker
  shell: "docker rmi -f $(docker images -q)"
--- a/test/integration/roles/test_docker/tasks/registry-tests.yml
+++ b/test/integration/roles/test_docker/tasks/registry-tests.yml
@@ -90,6 +90,20 @@
    that:
      - "{{ docker_output.stdout_lines| length }} <= 1"
+#
+# Private registry secured with an SSL proxy
+#
+- name: Set selinux to allow docker to connect to nginx
+  seboolean:
+    name: docker_connect_any
+    state: yes
+- name: Set selinux to allow nginx to connect to docker
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
 - name: Setup nginx with a user/password
  copy:
    src: docker-registry.htpasswd