Allow standalone to manage selinux

In some cases we may need to disable selinux (like in CI). The role needs the SELinux service so that the management can be done during the deployment. Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298 Closes-Bug: #1797910
2018-10-15 08:47:30 -06:00 · 2018-10-15 08:47:30 -06:00 · 7451fc44de
commit 7451fc44de
parent 50eb9cfc90
6 changed files with 16 additions and 0 deletions
--- a/environments/standalone.yaml
+++ b/environments/standalone.yaml
@ -6,6 +6,9 @@ resource_registry:
  OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
  OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml

+  # Manage SELinux
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
  # Disable non-openstack services that are enabled by default
  OS::TripleO::Services::HAproxy: OS::Heat::None
  OS::TripleO::Services::Keepalived: OS::Heat::None
--- a/environments/standalone/standalone-overcloud.yaml
+++ b/environments/standalone/standalone-overcloud.yaml
@ -94,6 +94,7 @@ resource_registry:
  OS::TripleO::Services::MistralEventEngine: OS::Heat::None
  OS::TripleO::Services::MistralExecutor: OS::Heat::None
  OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
  OS::TripleO::Services::SaharaApi: OS::Heat::None
  OS::TripleO::Services::SaharaEngine: OS::Heat::None
  OS::TripleO::Services::Tacker: OS::Heat::None
--- a/environments/standalone/standalone-tripleo.yaml
+++ b/environments/standalone/standalone-tripleo.yaml
@ -102,6 +102,7 @@ resource_registry:
  OS::TripleO::Services::MistralEventEngine: OS::Heat::None
  OS::TripleO::Services::MistralExecutor: OS::Heat::None
  OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
  OS::TripleO::Services::SaharaApi: OS::Heat::None
  OS::TripleO::Services::SaharaEngine: OS::Heat::None
  OS::TripleO::Services::Tacker: OS::Heat::None
--- a/releasenotes/notes/standalone-selinux-configuration-39a0c7285d8e4c66.yaml
+++ b/releasenotes/notes/standalone-selinux-configuration-39a0c7285d8e4c66.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    SELinux can be configured on the Standalone deployment by setting SELinuxMode.
--- a/roles/Standalone.yaml
+++ b/roles/Standalone.yaml
@ -157,6 +157,7 @@
    - OS::TripleO::Services::SaharaApi
    - OS::TripleO::Services::SaharaEngine
    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SELinux
    - OS::TripleO::Services::SensuClient
    - OS::TripleO::Services::SkydiveAgent
    - OS::TripleO::Services::SkydiveAnalyzer
--- a/sample-env-generator/standalone.yaml
+++ b/sample-env-generator/standalone.yaml
@ -55,6 +55,9 @@ environments:
      OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
      OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml

+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
      # Disable non-openstack services that are enabled by default
      OS::TripleO::Services::HAproxy: OS::Heat::None
      OS::TripleO::Services::Keepalived: OS::Heat::None
@ -169,6 +172,9 @@ environments:
    resource_registry:
      OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml

+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
+
      # Disable non-openstack services that are enabled by default
      OS::TripleO::Services::Kubernetes::Master: OS::Heat::None
      OS::TripleO::Services::Kubernetes::Worker: OS::Heat::None