feat: add edgecache role

- add edge-caching role
- add mirror for debian, almalinux and epel repositories
- export service as edgecache in consul
This commit is contained in:
2024-05-11 21:46:20 +10:00
parent 9edd060367
commit 4171427e7b
6 changed files with 283 additions and 0 deletions
@@ -0,0 +1,56 @@
# profiles::edgecache::selinux
class profiles::edgecache::selinux {
include profiles::edgecache::params
$data_root = $profiles::edgecache::params::data_root
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# set httpd_sys_content_t to all files under the www_root
selinux::fcontext { "${data_root}/pub":
ensure => 'present',
seltype => 'httpd_sys_content_t',
pathspec => "${data_root}/pub(/.*)?",
}
# set httpd_sys_rw_content_t to all files under the cache_root
selinux::fcontext { "${data_root}/cache":
ensure => 'present',
seltype => 'httpd_sys_rw_content_t',
pathspec => "${data_root}/cache(/.*)?",
}
selinux::fcontext { "${data_root}/cache_tmp":
ensure => 'present',
seltype => 'httpd_sys_rw_content_t',
pathspec => "${data_root}/cache_tmp(/.*)?",
}
# make sure we can connect to other hosts
selboolean { 'httpd_can_network_connect':
persistent => true,
value => 'on',
}
exec { "restorecon_${data_root}/pub":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "restorecon -Rv ${data_root}/pub",
refreshonly => true,
subscribe => Selinux::Fcontext["${data_root}/pub"],
}
exec { "restorecon_${data_root}/cache":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "restorecon -Rv ${data_root}/cache",
refreshonly => true,
subscribe => Selinux::Fcontext["${data_root}/cache"],
}
exec { "restorecon_${data_root}/cache_tmp":
path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
command => "restorecon -Rv ${data_root}/cache_tmp",
refreshonly => true,
subscribe => Selinux::Fcontext["${data_root}/cache_tmp"],
}
}
}