
Remove puppet selinux management

We've switched the selinux mode management to ansible as part of the
deploy-steps and it's always included now so the service is not
necessary.

Change-Id: I562053ba6767bd9ab7af3cf06b93906568bec5cd
changes/25/653625/2
Alex Schultz 3 years ago
parent
commit
e7dee7bd2e
  1. 48
      deployment/selinux/selinux-baremetal-puppet.yaml
  2. 2
      environments/standalone.yaml
  3. 1
      environments/standalone/standalone-overcloud.yaml
  4. 1
      environments/standalone/standalone-tripleo.yaml
  5. 2
      environments/undercloud.yaml
  6. 1
      overcloud-resource-registry-puppet.j2.yaml
  7. 5
      releasenotes/notes/deprecate-puppet-selinux-config-cc8d2788c534d628.yaml
  8. 1
      roles/Standalone.yaml
  9. 1
      roles/Undercloud.yaml
  10. 1
      roles_data_undercloud.yaml
  11. 6
      sample-env-generator/standalone.yaml

48
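--- a/deployment/selinux/selinux-baremetal-puppet.yaml
+++ b/deployment/selinux/selinux-baremetal-puppet.yaml
@@ -1,48 +0,0 @@
-heat_template_version: rocky
-description: >
-Configure SELinux
-parameters:
-ServiceData:
-default: {}
-description: Dictionary packing service data
-type: json
-ServiceNetMap:
-default: {}
-description: Mapping of service_name -> network name. Typically set
-via parameter_defaults in the resource registry. This
-mapping overrides those in ServiceNetMapDefaults.
-type: json
-DefaultPasswords:
-default: {}
-type: json
-RoleName:
-default: ''
-description: Role name on which the service is applied
-type: string
-RoleParameters:
-default: {}
-description: Parameters specific to the role
-type: json
-EndpointMap:
-default: {}
-description: Mapping of service endpoint -> protocol. Typically set
-via parameter_defaults in the resource registry.
-type: json
-SELinuxMode:
-default: 'enforcing'
-description: Configures SELinux mode
-type: string
-constraints:
-- allowed_values: [ 'enforcing', 'permissive', 'disabled' ]
-outputs:
-role_data:
-description: SELinux configuration
-value:
-service_name: selinux
-config_settings:
-tripleo::selinux::mode: {get_param: SELinuxMode}
-step_config: |
-include ::tripleo::selinux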

2
environments/standalone.yaml

@ -7,8 +7,6 @@ resource_registry:
OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml
# Manage SELinux
OS::TripleO::Services::SELinux: ../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
# Disable non-openstack services that are enabled by default

1
environments/standalone/standalone-overcloud.yaml

@ -94,7 +94,6 @@ resource_registry:
OS::TripleO::Services::MistralExecutor: OS::Heat::None
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
OS::TripleO::Services::PankoApi: OS::Heat::None
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
OS::TripleO::Services::Tacker: OS::Heat::None

1
environments/standalone/standalone-tripleo.yaml

@ -115,7 +115,6 @@ resource_registry:
OS::TripleO::Services::PankoApi: OS::Heat::None
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
OS::TripleO::Services::Tacker: OS::Heat::None

2
environments/undercloud.yaml

@ -21,8 +21,6 @@ resource_registry:
OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
# We managed this in instack-undercloud, so we need to manage it here.
OS::TripleO::Services::SELinux: ../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
# services we disable by default on the undercloud

1
overcloud-resource-registry-puppet.j2.yaml

@ -189,6 +189,7 @@ resource_registry:
OS::TripleO::Services::TripleoUI: OS::Heat::None
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-puppet.yaml
OS::TripleO::Services::Securetty: OS::Heat::None
# TODO(aschultz): Remove this in U as we switched to a task in the deploy
OS::TripleO::Services::SELinux: OS::Heat::None
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
OS::TripleO::Services::Redis: deployment/database/redis-container-puppet.yaml
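Review bot: The `# TODO(aschultz)` comment above `OS::TripleO::Services::SELinux: OS::Heat::None` (apparently the one line this hunk adds) breaks off at "in the deploy" and never names what replaced the service; something like `# TODO(aschultz): Remove this mapping in U; SELinux mode is now set by an ansible task in deploy-steps` would stand on its own. The deleted selinux-baremetal-puppet.yaml was also where `SELinuxMode` got its `'enforcing'` default and its `allowed_values` constraint (enforcing/permissive/disabled), and the ansible side is not part of this change, so it is worth confirming that the parameter is still declared there with the same default and validation. The release note calls the service deprecated, yet the template is deleted outright, so an operator environment that still maps `OS::TripleO::Services::SELinux` to the removed file will presumably fail to resolve; the note could say so. The `resource_registry` mapping continues outside the hunk.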

5
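--- a/releasenotes/notes/deprecate-puppet-selinux-config-cc8d2788c534d628.yaml
+++ b/releasenotes/notes/deprecate-puppet-selinux-config-cc8d2788c534d628.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+- |
+OS::TripleO::Services::SELinux has been deprecated. Management of selinux
+configuration is now handled via ansible during the deployment.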

1
roles/Standalone.yaml

@ -160,7 +160,6 @@
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SELinux
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::SkydiveAgent
- OS::TripleO::Services::SkydiveAnalyzer

1
roles/Undercloud.yaml

@ -81,7 +81,6 @@
- OS::TripleO::Services::Podman
- OS::TripleO::Services::Redis
- OS::TripleO::Services::Rhsm
- OS::TripleO::Services::SELinux
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder

1
roles_data_undercloud.yaml

@ -84,7 +84,6 @@
- OS::TripleO::Services::Podman
- OS::TripleO::Services::Redis
- OS::TripleO::Services::Rhsm
- OS::TripleO::Services::SELinux
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder

6
sample-env-generator/standalone.yaml

@ -65,9 +65,6 @@ environments:
# OVN
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
# Manage SELinux
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
# Activate container image prepare
@ -192,9 +189,6 @@ environments:
resource_registry:
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml
# Manage SELinux
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
# Disable non-openstack services that are enabled by default
