unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'fix: use fact to determine if selinux in use' (#112) from neoloc/selinux_enhancements into develop

Browse Source 
Reviewed-on: unkinben/puppet-prod#112
This commit is contained in:
Ben Vincent 2024-02-11 19:38:59 +09:30
commit c690fe5816
3 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
site/profiles/manifests/puppet/puppetboard.pp
View File

@ -20,7 +20,6 @@ class profiles::puppet::puppetboard (
Integer $gunicorn_threads = 4, Integer $gunicorn_threads = 4,
String $nginx_vhost = 'puppetboard.main.unkin.net', String $nginx_vhost = 'puppetboard.main.unkin.net',
Integer $nginx_port = 80, Integer $nginx_port = 80,
Boolean $selinux = true,
#String[1] $secret_key = "${fqdn_rand_string(32)}", #String[1] $secret_key = "${fqdn_rand_string(32)}",
) { ) {
@ -124,7 +123,7 @@ class profiles::puppet::puppetboard (
# if selinux is defined, manage it # if selinux is defined, manage it
if $selinux { if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# call the nginx selinux class # call the nginx selinux class
class { 'profiles::selinux::nginx': class { 'profiles::selinux::nginx':

3
site/profiles/manifests/reposync/webserver.pp
View File

@ -4,7 +4,6 @@ class profiles::reposync::webserver (
String $nginx_vhost = 'repos.main.unkin.net', String $nginx_vhost = 'repos.main.unkin.net',
Integer $nginx_port = 80, Integer $nginx_port = 80,
Boolean $favicon = true, Boolean $favicon = true,
Boolean $selinux = true,
) { ) {
class { 'nginx': } class { 'nginx': }
@ -39,7 +38,7 @@ class profiles::reposync::webserver (
order => 10, order => 10,
} }
if $selinux { if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# include packages that are required # include packages that are required
include profiles::packages::selinux include profiles::packages::selinux

3
site/profiles/manifests/sql/galera_member.pp
View File

@ -30,7 +30,6 @@ class profiles::sql::galera_member (
Boolean $package_manage = true, Boolean $package_manage = true,
String $package_name = 'mariadb-server', String $package_name = 'mariadb-server',
Boolean $epel_needed = false, Boolean $epel_needed = false,
Boolean $selinux = true,
Boolean $manage_repo = true, Boolean $manage_repo = true,
) { ) {
@ -59,7 +58,7 @@ class profiles::sql::galera_member (
if length($servers_array) >= 3 { if length($servers_array) >= 3 {
# if selinux is defined, manage it # if selinux is defined, manage it
if $selinux { if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
# set permissive on first run, as we need mariadb installed/started at a custom path before adding fcontext # set permissive on first run, as we need mariadb installed/started at a custom path before adding fcontext
if $::facts['mariadb_acti'] { $selinux_mode = 'enforcing' }else{ $selinux_mode = 'permissive' } if $::facts['mariadb_acti'] { $selinux_mode = 'enforcing' }else{ $selinux_mode = 'permissive' }