site/profiles/manifests/puppet/puppetboard.pp

@@ -20,6 +20,7 @@ class profiles::puppet::puppetboard (
   Integer $gunicorn_threads     = 4,
   String  $nginx_vhost          = 'puppetboard.main.unkin.net',
   Integer $nginx_port           = 80,
+  Boolean $selinux              = true,
   #String[1] $secret_key         = "${fqdn_rand_string(32)}",
 ) {
 
@@ -120,4 +121,14 @@ class profiles::puppet::puppetboard (
       server         => $nginx_vhost,
       location_alias => "${virtualenv_dir}/lib/python${python_version}/site-packages/puppetboard/static",
   }
+
+
+    # if selinux is defined, manage it
+    if $selinux {
+
+      # call the nginx selinux class
+      class { 'profiles::selinux::nginx':
+        require      => Class['Nginx'],
+      }
+    }
 }

site/profiles/manifests/selinux/nginx.pp

@@ -0,0 +1,22 @@
+# profiles::selinux::nginx
+# selinux settings for nginx
+class profiles::selinux::nginx (
+  Boolean $persistent = true,
+  Boolean $httpd_can_network_connect = true,
+  String  $selinux_mode = 'enforcing',
+){
+  # include packages that are required
+  include profiles::packages::selinux
+
+  # setenforce
+  class { 'profiles::selinux::setenforce':
+    mode => $selinux_mode,
+  }
+
+  # make sure we can connect to network resources
+  selboolean { 'httpd_can_network_connect':
+    persistent => $persistent,
+    value      => $httpd_can_network_connect,
+  }
+}
+