feat: setup galera cluster member profile
- add eyaml support for role - add /data volume for galera cluster members - create profiles::selinux namespace for defining selinux configuration - create profiles::selinux::mysqld for managing specifics for mysqld - create profiles::selinux::setenforce to manage selinux mode - parameterised options required in mysqld::server module - add mariadb repo - add additional facts for managing mysqld and galera
@@ -0,0 +1,44 @@
|
||||
# profiles::selinux::mysqld
|
||||
# selinux settings for mysqld and galera
|
||||
class profiles::selinux::mysqld (
|
||||
Stdlib::Absolutepath $datadir = '/var/lib/mysql',
|
||||
Boolean $persistent = true,
|
||||
Boolean $mysql_connect_any = true,
|
||||
Boolean $selinuxuser_mysql_connect_enabled = true,
|
||||
String $selinux_mode = 'enforcing',
|
||||
){
|
||||
# include packages that are required
|
||||
include profiles::packages::selinux
|
||||
|
||||
# setenforce
|
||||
class { 'profiles::selinux::setenforce':
|
||||
mode => $selinux_mode,
|
||||
}
|
||||
|
||||
# set mysqld_db_t to all files under the datadir
|
||||
selinux::fcontext { $datadir:
|
||||
ensure => 'present',
|
||||
seltype => 'mysqld_db_t',
|
||||
pathspec => "${datadir}(/.*)?",
|
||||
}
|
||||
|
||||
# make sure we can connect to mysql on the local system
|
||||
selboolean { 'selinuxuser_mysql_connect_enabled':
|
||||
persistent => $persistent,
|
||||
value => $selinuxuser_mysql_connect_enabled,
|
||||
}
|
||||
|
||||
# make sure mysql can connect to other hosts
|
||||
selboolean { 'mysql_connect_any':
|
||||
persistent => $persistent,
|
||||
value => $mysql_connect_any,
|
||||
}
|
||||
|
||||
exec { "restorecon_${datadir}":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${datadir}",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext[$datadir],
|
||||
}
|
||||
}
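Review bot: `Boolean $mysql_connect_any = true` turns on by default an SELinux boolean that lets mysqld open connections to any port, which is wider than the "connect to other hosts" comment above the `selboolean` suggests and probably wider than cluster replication needs. Defaulting it to `false` and labelling only the Galera replication ports as `mysqld_port_t` (for example with `selinux::port` resources) would keep mysqld confined; the ports in use are not visible in this commit, so check them against the cluster configuration first. Separately, `$selinux_mode` is typed `String` while `profiles::selinux::setenforce` accepts only three values. Declaring it as `Enum['enforcing', 'permissive', 'disabled'] $selinux_mode = 'enforcing',` would reject a typo at this class's boundary and make it visible that a database profile can relax enforcement for the whole host.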
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
# profiles::selinux::setenforce
|
||||
class profiles::selinux::setenforce (
|
||||
Enum['enforcing', 'permissive', 'disabled'] $mode = 'enforcing',
|
||||
) {
|
||||
class { 'selinux':
|
||||
mode => $mode,
|
||||
}
|
||||
}
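Review bot: The class has no documentation beyond its name, although `mode` changes enforcement for the entire host rather than for one service. I would add a header comment such as `# Sets the host-wide SELinux mode; 'permissive' and 'disabled' remove enforcement for every confined service on the node.` together with a `# @param mode` line. Because `selinux` is declared resource-style here, any other profile that declares that class with parameters will hit a duplicate declaration; stating that in the same comment makes it clear the mode has a single owner.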
|
||||
|
||||