Allow standalone to manage selinux

In some cases we may need to disable selinux (like in CI). The role
needs the SELinux service so that the management can be done during the
deployment.

Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298
Closes-Bug: #1797910

environments/standalone.yaml

@@ -6,6 +6,9 @@ resource_registry:
   OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
   OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml
 
+  # Manage SELinux
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
   # Disable non-openstack services that are enabled by default
   OS::TripleO::Services::HAproxy: OS::Heat::None
   OS::TripleO::Services::Keepalived: OS::Heat::None

environments/standalone/standalone-overcloud.yaml

@@ -94,6 +94,7 @@ resource_registry:
   OS::TripleO::Services::MistralEventEngine: OS::Heat::None
   OS::TripleO::Services::MistralExecutor: OS::Heat::None
   OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
   OS::TripleO::Services::SaharaApi: OS::Heat::None
   OS::TripleO::Services::SaharaEngine: OS::Heat::None
   OS::TripleO::Services::Tacker: OS::Heat::None

environments/standalone/standalone-tripleo.yaml

@@ -102,6 +102,7 @@ resource_registry:
   OS::TripleO::Services::MistralEventEngine: OS::Heat::None
   OS::TripleO::Services::MistralExecutor: OS::Heat::None
   OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
   OS::TripleO::Services::SaharaApi: OS::Heat::None
   OS::TripleO::Services::SaharaEngine: OS::Heat::None
   OS::TripleO::Services::Tacker: OS::Heat::None

releasenotes/notes/standalone-selinux-configuration-39a0c7285d8e4c66.yaml

@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    SELinux can be configured on the Standalone deployment by setting SELinuxMode.

roles/Standalone.yaml

@@ -157,6 +157,7 @@
     - OS::TripleO::Services::SaharaApi
     - OS::TripleO::Services::SaharaEngine
     - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SELinux
     - OS::TripleO::Services::SensuClient
     - OS::TripleO::Services::SkydiveAgent
     - OS::TripleO::Services::SkydiveAnalyzer

sample-env-generator/standalone.yaml

@@ -55,6 +55,9 @@ environments:
       OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
       OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml
 
+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
       # Disable non-openstack services that are enabled by default
       OS::TripleO::Services::HAproxy: OS::Heat::None
       OS::TripleO::Services::Keepalived: OS::Heat::None
@@ -169,6 +172,9 @@ environments:
     resource_registry:
       OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml
 
+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
       # Disable non-openstack services that are enabled by default
       OS::TripleO::Services::Kubernetes::Master: OS::Heat::None
       OS::TripleO::Services::Kubernetes::Worker: OS::Heat::None