Merge "Add flag to enable SELinux in docker profile"
This commit is contained in:
commit
f9cb553bf9
@ -30,9 +30,7 @@
|
||||
# (defaults to false)
|
||||
#
|
||||
# [*docker_options*]
|
||||
# OPTIONS that are used to startup the docker service. NOTE:
|
||||
# --selinux-enabled is dropped due to recommendations here:
|
||||
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
|
||||
# OPTIONS that are used to startup the docker service.
|
||||
# Defaults to '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
|
||||
#
|
||||
# [*configure_network*]
|
||||
@ -58,6 +56,12 @@
|
||||
# String. Value to configure the deployment user.
|
||||
# Defaults to hiera('deployment_user', undef)
|
||||
#
|
||||
# [*selinux_enabled*]
|
||||
# Boolean. Whether to enable SELinux for docker or not. NOTE:
|
||||
# --selinux-enabled is disabled by default due to recommendations here:
|
||||
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
|
||||
# Defaults to false
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*insecure_registry_address*]
|
||||
@ -85,6 +89,7 @@ class tripleo::profile::base::docker (
|
||||
$step = Integer(hiera('step')),
|
||||
$debug = false,
|
||||
$deployment_user = hiera('deployment_user', undef),
|
||||
$selinux_enabled = false,
|
||||
# DEPRECATED PARAMETERS
|
||||
$insecure_registry_address = undef,
|
||||
$docker_namespace = undef,
|
||||
@ -122,7 +127,12 @@ class tripleo::profile::base::docker (
|
||||
}
|
||||
|
||||
if $docker_options {
|
||||
$options_changes = [ "set OPTIONS '\"${docker_options}\"'" ]
|
||||
if $selinux_enabled {
|
||||
$selinux_enabled_string = ' --selinux-enabled'
|
||||
} else {
|
||||
$selinux_enabled_string = ''
|
||||
}
|
||||
$options_changes = [ "set OPTIONS '\"${docker_options}${selinux_enabled_string}\"'" ]
|
||||
} else {
|
||||
$options_changes = [ 'rm OPTIONS' ]
|
||||
}
|
||||
|
@ -126,6 +126,23 @@ describe 'tripleo::profile::base::docker' do
|
||||
}
|
||||
end
|
||||
|
||||
context 'with step 1 and selinux enabled' do
|
||||
let(:params) { {
|
||||
:step => 1,
|
||||
:selinux_enabled => true,
|
||||
} }
|
||||
|
||||
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
||||
it { is_expected.to contain_package('docker') }
|
||||
it { is_expected.to contain_service('docker') }
|
||||
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
||||
it {
|
||||
is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
|
||||
"set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false --live-restore --selinux-enabled\"'",
|
||||
])
|
||||
}
|
||||
end
|
||||
|
||||
context 'with step 1 and storage_options configured' do
|
||||
let(:params) { {
|
||||
:step => 1,
|
||||
|
Loading…
x
Reference in New Issue
Block a user