puppet-prod/site/profiles/manifests/haproxy/selinux.pp

# profiles::haproxy::selinux
class profiles::haproxy::selinux (
  Array[String]       $sebooleans = [],
  Array[Stdlib::Port] $ports      = [],
) {

  # manage enforcing mode
  include profiles::selinux::setenforce

  # manage selinux requirements for haproxy
  if $::facts['os']['selinux']['config_mode'] == 'enforcing' {

    # set context for ports
    $ports.each |$port| {
      selinux::port { "haproxy_port_${port}":
        ensure   => 'present',
        seltype  => 'http_port_t',
        protocol => 'tcp',
        port     => $port,
      }
    }

    # enable sebooleans
    $sebooleans.each |$bool| {
      selboolean { $bool:
        value      => on,
        persistent => true,
      }
    }
  }
}