feat: add edgecache role
- add edge-caching role - add mirror for debian, almalinux and epel repositories - export service as edgecache in consul
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
# profiles::edgecache::selinux
|
||||
class profiles::edgecache::selinux {
|
||||
|
||||
include profiles::edgecache::params
|
||||
|
||||
$data_root = $profiles::edgecache::params::data_root
|
||||
|
||||
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
|
||||
|
||||
# set httpd_sys_content_t to all files under the www_root
|
||||
selinux::fcontext { "${data_root}/pub":
|
||||
ensure => 'present',
|
||||
seltype => 'httpd_sys_content_t',
|
||||
pathspec => "${data_root}/pub(/.*)?",
|
||||
}
|
||||
|
||||
# set httpd_sys_rw_content_t to all files under the cache_root
|
||||
selinux::fcontext { "${data_root}/cache":
|
||||
ensure => 'present',
|
||||
seltype => 'httpd_sys_rw_content_t',
|
||||
pathspec => "${data_root}/cache(/.*)?",
|
||||
}
|
||||
selinux::fcontext { "${data_root}/cache_tmp":
|
||||
ensure => 'present',
|
||||
seltype => 'httpd_sys_rw_content_t',
|
||||
pathspec => "${data_root}/cache_tmp(/.*)?",
|
||||
}
|
||||
|
||||
# make sure we can connect to other hosts
|
||||
selboolean { 'httpd_can_network_connect':
|
||||
persistent => true,
|
||||
value => 'on',
|
||||
}
|
||||
|
||||
exec { "restorecon_${data_root}/pub":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${data_root}/pub",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext["${data_root}/pub"],
|
||||
}
|
||||
|
||||
exec { "restorecon_${data_root}/cache":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${data_root}/cache",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext["${data_root}/cache"],
|
||||
}
|
||||
|
||||
exec { "restorecon_${data_root}/cache_tmp":
|
||||
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
|
||||
command => "restorecon -Rv ${data_root}/cache_tmp",
|
||||
refreshonly => true,
|
||||
subscribe => Selinux::Fcontext["${data_root}/cache_tmp"],
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user