Corrects SELinux enablement
- corrects SELinux enablement for Keystone, as RHEL comes with SELinux enabled by default. - removes executable bit from metadata.rb Change-Id: I97e73bcc0d4721283067e41b988bccb1ddf6c031
This commit is contained in:
parent
f83bc81674
commit
36d484e301
|
@ -168,7 +168,7 @@ when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
|||
# platform specific package and service name options
|
||||
default['openstack']['identity']['platform'] = {
|
||||
'memcache_python_packages' => ['python-memcached'],
|
||||
'keystone_packages' => ['openstack-keystone'],
|
||||
'keystone_packages' => ['openstack-keystone', 'openstack-selinux'],
|
||||
'keystone_service' => 'openstack-keystone',
|
||||
'keystone_process_name' => 'keystone-all',
|
||||
'package_options' => ''
|
||||
|
|
|
@ -28,6 +28,19 @@ class ::Chef::Recipe
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
# Workaround lifted from openstack-dashboard::apache2-server to install apache2
|
||||
# on a RHEL-ish machine with SELinux set to enforcing.
|
||||
#
|
||||
# TODO(sc): once apache2 is in a place to allow for subscribes to web_app,
|
||||
# this workaround should go away
|
||||
#
|
||||
execute 'set-selinux-permissive' do
|
||||
command '/sbin/setenforce Permissive'
|
||||
action :run
|
||||
|
||||
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
|
||||
end
|
||||
|
||||
# include the logging recipe from openstack-common if syslog usage is enbaled
|
||||
if node['openstack']['identity']['syslog']['use']
|
||||
include_recipe 'openstack-common::logging'
|
||||
|
@ -314,5 +327,12 @@ end
|
|||
# restart apache2 after keystone if completely configured
|
||||
execute 'Keystone apache restart' do
|
||||
command 'uname'
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
notifies :restart, 'service[apache2]', :immediately
|
||||
end
|
||||
|
||||
execute 'restore-selinux-context' do
|
||||
command 'restorecon -Rv /etc/httpd /etc/pki || :'
|
||||
action :nothing
|
||||
only_if { platform_family?('rhel') }
|
||||
end
|
||||
|
|
|
@ -109,7 +109,7 @@ describe 'openstack-identity::server-apache' do
|
|||
end
|
||||
|
||||
it 'has default transport_url/AMQP options set' do
|
||||
[%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}].each do |line|
|
||||
[%r{^transport_url = rabbit://openstack:mypass@127.0.0.1:5672$}].each do |line|
|
||||
expect(chef_run).to render_file(path).with_content(line)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -72,6 +72,7 @@ shared_context 'identity_stubs' do
|
|||
.and_return('thisisfernetkey1')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
|
||||
.with('identity')
|
||||
.and_return('rabbit://guest:mypass@127.0.0.1:5672')
|
||||
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
|
||||
stub_command("[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]").and_return(true)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue