puppet-openstack-integration/fixtures/scenario002.pp
Alfredo Moralejo 0f00dde757 Disable selinux defaults enforcement in File/Concat resources
Last selinux-policy in CentOS Stream adds patch for [1] which modifies
default context for symlinks under /etc/httpd. That's breaking
idempotency for files created with File/Concat resources under that directory
because of [2].

This patch is disabling default selinux context enforcement for all
File/Concat resources until we have a fix for [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1900650
[2] https://tickets.puppetlabs.com/browse/PUP-7559

Change-Id: Ic92889cc480c316df9454186ffadf3a77fd8ed26
2021-01-11 13:20:53 +01:00

94 lines
2.5 KiB
Puppet

#
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
if $::osfamily == 'RedHat' {
# (amoralej) - disable selinux defaults until
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
Concat { selinux_ignore_defaults => true }
File { selinux_ignore_defaults => true }
}
case $::osfamily {
'Debian': {
$ipv6 = false
# ec2api is not packaged on UCA
$ec2api_enabled = false
}
'RedHat': {
$ipv6 = true
$ec2api_enabled = true
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
}
include openstack_integration
class { 'openstack_integration::config':
ssl => $ssl,
ipv6 => $ipv6,
}
if $ssl {
include openstack_integration::cacert
}
include openstack_integration::apache
include openstack_integration::memcached
include openstack_integration::rabbitmq
include openstack_integration::mysql
include openstack_integration::keystone
class { 'openstack_integration::glance':
backend => 'swift',
}
include openstack_integration::neutron
include openstack_integration::swift
include openstack_integration::ironic
include openstack_integration::zaqar
include openstack_integration::provision
include openstack_integration::placement
class { 'openstack_integration::nova':
volume_encryption => true,
}
class { 'openstack_integration::cinder':
volume_encryption => true,
cinder_backup => 'swift',
}
include openstack_integration::barbican
if $ec2api_enabled {
include openstack_integration::ec2api
}
class { 'openstack_integration::tempest':
cinder => true,
cinder_backup => true,
swift => true,
ironic => true,
zaqar => true,
attach_encrypted_volume => true,
ec2api => $ec2api_enabled,
}