refacto: move run_puppet & catch_selinux_alerts into functions

Change-Id: I78324c8787b129e91f1ac32694085bde5b6043fe
2016-06-08 11:44:10 -04:00
parent c7ad920283
commit 5210671dbb
2 changed files with 29 additions and 32 deletions
--- a/26
+++ b/26
@@ -140,3 +140,29 @@ install_puppet() {
        $SUDO yum install -y ${PUPPET_PKG}
    fi
 }
+
+function run_puppet() {
+    local manifest=$1
+    $SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
+    local res=$?
+    return $res
+}
+
+function catch_selinux_alerts() {
+    if is_fedora; then
+        $SUDO sealert -a /var/log/audit/audit.log
+        if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
+            echo "AVC detected in /var/log/audit/audit.log"
+            # TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
+            # https://bugzilla.redhat.com/show_bug.cgi?id=1341738
+            if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
+                echo "non-critical RabbitMQ AVC, ignoring it now."
+            else
+                echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
+                exit 1
+            fi
+        else
+            echo 'No AVC detected in /var/log/audit/audit.log'
+        fi
+    fi
+}