Merge "Ensure SELinux is permissive on Ceph OSDs"
This commit is contained in:
commit
386fc60890
|
@ -12,4 +12,6 @@ ceph_pools:
|
||||||
- vms
|
- vms
|
||||||
- images
|
- images
|
||||||
|
|
||||||
ceph_classes: []
|
ceph_classes: []
|
||||||
|
|
||||||
|
ceph_osd_selinux_permissive: true
|
||||||
|
|
|
@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 {
|
||||||
include ::ntp
|
include ::ntp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
|
||||||
|
exec { 'set selinux to permissive on boot':
|
||||||
|
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
|
||||||
|
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'set selinux to permissive':
|
||||||
|
command => "setenforce 0",
|
||||||
|
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
} -> Class['ceph::profile::osd']
|
||||||
|
}
|
||||||
|
|
||||||
include ::ceph::profile::client
|
include ::ceph::profile::client
|
||||||
include ::ceph::profile::osd
|
include ::ceph::profile::osd
|
||||||
|
|
||||||
hiera_include('ceph_classes')
|
hiera_include('ceph_classes')
|
||||||
|
|
|
@ -184,6 +184,20 @@ if hiera('step') >= 2 {
|
||||||
}
|
}
|
||||||
|
|
||||||
if str2bool(hiera('enable_ceph_storage', 'false')) {
|
if str2bool(hiera('enable_ceph_storage', 'false')) {
|
||||||
|
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
|
||||||
|
exec { 'set selinux to permissive on boot':
|
||||||
|
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
|
||||||
|
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'set selinux to permissive':
|
||||||
|
command => "setenforce 0",
|
||||||
|
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
} -> Class['ceph::profile::osd']
|
||||||
|
}
|
||||||
|
|
||||||
include ::ceph::profile::client
|
include ::ceph::profile::client
|
||||||
include ::ceph::profile::osd
|
include ::ceph::profile::osd
|
||||||
}
|
}
|
||||||
|
|
|
@ -492,6 +492,20 @@ MYSQL_HOST=localhost\n",
|
||||||
}
|
}
|
||||||
|
|
||||||
if str2bool(hiera('enable_ceph_storage', 'false')) {
|
if str2bool(hiera('enable_ceph_storage', 'false')) {
|
||||||
|
if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
|
||||||
|
exec { 'set selinux to permissive on boot':
|
||||||
|
command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
|
||||||
|
onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { 'set selinux to permissive':
|
||||||
|
command => "setenforce 0",
|
||||||
|
onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
|
||||||
|
path => ["/usr/bin", "/usr/sbin"],
|
||||||
|
} -> Class['ceph::profile::osd']
|
||||||
|
}
|
||||||
|
|
||||||
include ::ceph::profile::client
|
include ::ceph::profile::client
|
||||||
include ::ceph::profile::osd
|
include ::ceph::profile::osd
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue