- add facts to manage the /var/www/cobbler and /data/cobbler directories - move /var/www/cobbler -> /data/cobbler - create symlink from /var/www/cobbler -> /data/cobbler - ensure that cobbler nodes are set to permissive selinux mode
# profiles::cobbler::selinux
# @summary SELinux booleans and file contexts needed by cobbler.
#
# Resources are declared only when the node's *configured* SELinux mode
# (os.selinux.config_mode) is 'enforcing'. For both the tftpboot path taken
# from profiles::cobbler::params and /data/cobbler, the class registers a
# cobbler_var_lib_t file-context rule and relabels the tree whenever that
# rule changes.
#
# NOTE(review): the guard reads config_mode, not os.selinux.current_mode.
# A node configured as permissive (or disabled) gets none of these resources,
# even if it is switched to enforcing at runtime; the booleans and labels
# only appear on the first Puppet run after the configured mode changes.
# Confirm that this gap is acceptable for the cobbler nodes.
class profiles::cobbler::selinux inherits profiles::cobbler::params {
  include profiles::cobbler::params

  $tftpboot_path = $profiles::cobbler::params::tftpboot_path

  # manage selinux requirements for cobbler
  if $facts['os']['selinux']['config_mode'] == 'enforcing' {
    # Booleans switched on persistently. Their exact policy effect is not
    # visible here -- review with `semanage boolean -l` before adding more,
    # since each one widens what httpd/cobbler are allowed to do.
    $enable_sebooleans = [
      'httpd_can_network_connect_cobbler',
      'httpd_serve_cobbler_files',
      'cobbler_can_network_connect',
    ]

    selboolean { $enable_sebooleans:
      value      => 'on',
      persistent => true,
    }

    # Directory trees that must carry the cobbler_var_lib_t label.
    $cobbler_trees = [$tftpboot_path, '/data/cobbler']

    # First pass: register the file-context rule for each tree.
    $cobbler_trees.each |$tree| {
      selinux::fcontext { $tree:
        ensure   => 'present',
        seltype  => 'cobbler_var_lib_t',
        pathspec => "${tree}(/.*)?",
      }
    }

    # Second pass: relabel a tree when its rule is added or changed.
    # NOTE(review): refreshonly means content that later lands in a tree with
    # a different label is not corrected by this class; a relabel then has to
    # be triggered some other way.
    $cobbler_trees.each |$tree| {
      exec { "restorecon_${tree}":
        path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
        command     => "restorecon -Rv ${tree}",
        refreshonly => true,
        subscribe   => Selinux::Fcontext[$tree],
      }
    }
  }
}