Merge "Ensure SELinux is permissive on Ceph OSDs"

changes/78/205278/4
Jenkins 7 years ago committed by Gerrit Code Review
commit 386fc60890
  1. 4
      puppet/hieradata/ceph.yaml
  2. 16
      puppet/manifests/overcloud_cephstorage.pp
  3. 14
      puppet/manifests/overcloud_controller.pp
  4. 14
      puppet/manifests/overcloud_controller_pacemaker.pp

@ -12,4 +12,6 @@ ceph_pools:
- vms
- images
ceph_classes: []
ceph_classes: []
ceph_osd_selinux_permissive: true

@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 {
include ::ntp
}
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
path => ["/usr/bin", "/usr/sbin"],
}
exec { 'set selinux to permissive':
command => "setenforce 0",
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
path => ["/usr/bin", "/usr/sbin"],
} -> Class['ceph::profile::osd']
}
include ::ceph::profile::client
include ::ceph::profile::osd
hiera_include('ceph_classes')
hiera_include('ceph_classes')

@ -184,6 +184,20 @@ if hiera('step') >= 2 {
}
if str2bool(hiera('enable_ceph_storage', 'false')) {
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
path => ["/usr/bin", "/usr/sbin"],
}
exec { 'set selinux to permissive':
command => "setenforce 0",
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
path => ["/usr/bin", "/usr/sbin"],
} -> Class['ceph::profile::osd']
}
include ::ceph::profile::client
include ::ceph::profile::osd
}

@ -492,6 +492,20 @@ MYSQL_HOST=localhost\n",
}
if str2bool(hiera('enable_ceph_storage', 'false')) {
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
exec { 'set selinux to permissive on boot':
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
path => ["/usr/bin", "/usr/sbin"],
}
exec { 'set selinux to permissive':
command => "setenforce 0",
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
path => ["/usr/bin", "/usr/sbin"],
} -> Class['ceph::profile::osd']
}
include ::ceph::profile::client
include ::ceph::profile::osd
}

Loading…
Cancel
Save