Disable selinux defaults enforcement in File/Concat resources
Last selinux-policy in CentOS Stream adds patch for [1] which modifies
default context for symlinks under /etc/httpd. That's breaking
idempotency for files created with File/Concat resources under that directory
because of [2].
This patch is disabling default selinux context enforcement for all
File/Concat resources until we have a fix for [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1900650
[2] https://tickets.puppetlabs.com/browse/PUP-7559
Conflicts:
fixtures/scenario001.pp
fixtures/scenario004.pp
Change-Id: Ic92889cc480c316df9454186ffadf3a77fd8ed26
(cherry picked from commit 0f00dde757
)
This commit is contained in:
parent
de71d3fc3f
commit
0cc3bc6c63
|
@ -53,6 +53,13 @@ if ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7)
|
|||
$ceph = true
|
||||
}
|
||||
|
||||
if $::osfamily == 'RedHat' {
|
||||
# (amoralej) - disable selinux defaults until
|
||||
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
|
||||
Concat { selinux_ignore_defaults => true }
|
||||
File { selinux_ignore_defaults => true }
|
||||
}
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$ipv6 = false
|
||||
|
|
|
@ -44,6 +44,13 @@ if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
|
|||
$ssl = true
|
||||
}
|
||||
|
||||
if $::osfamily == 'RedHat' {
|
||||
# (amoralej) - disable selinux defaults until
|
||||
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
|
||||
Concat { selinux_ignore_defaults => true }
|
||||
File { selinux_ignore_defaults => true }
|
||||
}
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$ipv6 = false
|
||||
|
|
|
@ -44,6 +44,13 @@ if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
|
|||
$ssl = true
|
||||
}
|
||||
|
||||
if $::osfamily == 'RedHat' {
|
||||
# (amoralej) - disable selinux defaults until
|
||||
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
|
||||
Concat { selinux_ignore_defaults => true }
|
||||
File { selinux_ignore_defaults => true }
|
||||
}
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
$ipv6 = false
|
||||
|
|
|
@ -53,6 +53,13 @@ if ($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7)
|
|||
$ceph = true
|
||||
}
|
||||
|
||||
if $::osfamily == 'RedHat' {
|
||||
# (amoralej) - disable selinux defaults until
|
||||
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
|
||||
Concat { selinux_ignore_defaults => true }
|
||||
File { selinux_ignore_defaults => true }
|
||||
}
|
||||
|
||||
if $::operatingsystem == 'Ubuntu' {
|
||||
$ipv6 = false
|
||||
# Watcher packages are not available in Ubuntu repository.
|
||||
|
|
Loading…
Reference in New Issue