Remove puppet selinux management
We've switched the selinux mode management to ansible as part of the deploy-steps and it's always included now so the service is not necessary. Change-Id: I562053ba6767bd9ab7af3cf06b93906568bec5cd
This commit is contained in:
Alex Schultz
parent
e9bb02ebf2
commit
e7dee7bd2e
|
|
@ -1,48 +0,0 @@
|
||||||
heat_template_version: rocky
|
|
||||||
|
|
||||||
description: >
|
|
||||||
Configure SELinux
|
|
||||||
|
|
||||||
parameters:
|
|
||||||
ServiceData:
|
|
||||||
default: {}
|
|
||||||
description: Dictionary packing service data
|
|
||||||
type: json
|
|
||||||
ServiceNetMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service_name -> network name. Typically set
|
|
||||||
via parameter_defaults in the resource registry. This
|
|
||||||
mapping overrides those in ServiceNetMapDefaults.
|
|
||||||
type: json
|
|
||||||
DefaultPasswords:
|
|
||||||
default: {}
|
|
||||||
type: json
|
|
||||||
RoleName:
|
|
||||||
default: ''
|
|
||||||
description: Role name on which the service is applied
|
|
||||||
type: string
|
|
||||||
RoleParameters:
|
|
||||||
default: {}
|
|
||||||
description: Parameters specific to the role
|
|
||||||
type: json
|
|
||||||
EndpointMap:
|
|
||||||
default: {}
|
|
||||||
description: Mapping of service endpoint -> protocol. Typically set
|
|
||||||
via parameter_defaults in the resource registry.
|
|
||||||
type: json
|
|
||||||
SELinuxMode:
|
|
||||||
default: 'enforcing'
|
|
||||||
description: Configures SELinux mode
|
|
||||||
type: string
|
|
||||||
constraints:
|
|
||||||
- allowed_values: [ 'enforcing', 'permissive', 'disabled' ]
|
|
||||||
|
|
||||||
outputs:
|
|
||||||
role_data:
|
|
||||||
description: SELinux configuration
|
|
||||||
value:
|
|
||||||
service_name: selinux
|
|
||||||
config_settings:
|
|
||||||
tripleo::selinux::mode: {get_param: SELinuxMode}
|
|
||||||
step_config: |
|
|
||||||
include ::tripleo::selinux
|
|
||||||
|
|
@ -7,8 +7,6 @@ resource_registry:
|
||||||
OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
|
OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
|
||||||
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml
|
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml
|
||||||
|
|
||||||
# Manage SELinux
|
|
||||||
OS::TripleO::Services::SELinux: ../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
||||||
|
|
||||||
# Disable non-openstack services that are enabled by default
|
# Disable non-openstack services that are enabled by default
|
||||||
|
|
|
||||||
|
|
@ -94,7 +94,6 @@ resource_registry:
|
||||||
OS::TripleO::Services::MistralExecutor: OS::Heat::None
|
OS::TripleO::Services::MistralExecutor: OS::Heat::None
|
||||||
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
||||||
OS::TripleO::Services::PankoApi: OS::Heat::None
|
OS::TripleO::Services::PankoApi: OS::Heat::None
|
||||||
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
||||||
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
||||||
OS::TripleO::Services::Tacker: OS::Heat::None
|
OS::TripleO::Services::Tacker: OS::Heat::None
|
||||||
|
|
|
||||||
|
|
@ -115,7 +115,6 @@ resource_registry:
|
||||||
OS::TripleO::Services::PankoApi: OS::Heat::None
|
OS::TripleO::Services::PankoApi: OS::Heat::None
|
||||||
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml
|
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml
|
||||||
OS::TripleO::Services::Redis: OS::Heat::None
|
OS::TripleO::Services::Redis: OS::Heat::None
|
||||||
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
||||||
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
||||||
OS::TripleO::Services::Tacker: OS::Heat::None
|
OS::TripleO::Services::Tacker: OS::Heat::None
|
||||||
|
|
|
||||||
|
|
@ -21,8 +21,6 @@ resource_registry:
|
||||||
OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
|
OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
|
||||||
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
|
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
|
||||||
|
|
||||||
# We managed this in instack-undercloud, so we need to manage it here.
|
|
||||||
OS::TripleO::Services::SELinux: ../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
||||||
|
|
||||||
# services we disable by default on the undercloud
|
# services we disable by default on the undercloud
|
||||||
|
|
|
||||||
|
|
@ -189,6 +189,7 @@ resource_registry:
|
||||||
OS::TripleO::Services::TripleoUI: OS::Heat::None
|
OS::TripleO::Services::TripleoUI: OS::Heat::None
|
||||||
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-puppet.yaml
|
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-puppet.yaml
|
||||||
OS::TripleO::Services::Securetty: OS::Heat::None
|
OS::TripleO::Services::Securetty: OS::Heat::None
|
||||||
|
# TODO(aschultz): Remove this in U as we switched to a task in the deploy
|
||||||
OS::TripleO::Services::SELinux: OS::Heat::None
|
OS::TripleO::Services::SELinux: OS::Heat::None
|
||||||
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
|
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-puppet.yaml
|
||||||
OS::TripleO::Services::Redis: deployment/database/redis-container-puppet.yaml
|
OS::TripleO::Services::Redis: deployment/database/redis-container-puppet.yaml
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
OS::TripleO::Services::SELinux has been deprecated. Management of selinux
|
||||||
|
configuration is now handled via ansible during the deployment.
|
||||||
|
|
@ -160,7 +160,6 @@
|
||||||
- OS::TripleO::Services::SaharaApi
|
- OS::TripleO::Services::SaharaApi
|
||||||
- OS::TripleO::Services::SaharaEngine
|
- OS::TripleO::Services::SaharaEngine
|
||||||
- OS::TripleO::Services::Securetty
|
- OS::TripleO::Services::Securetty
|
||||||
- OS::TripleO::Services::SELinux
|
|
||||||
- OS::TripleO::Services::SensuClient
|
- OS::TripleO::Services::SensuClient
|
||||||
- OS::TripleO::Services::SkydiveAgent
|
- OS::TripleO::Services::SkydiveAgent
|
||||||
- OS::TripleO::Services::SkydiveAnalyzer
|
- OS::TripleO::Services::SkydiveAnalyzer
|
||||||
|
|
|
||||||
|
|
@ -81,7 +81,6 @@
|
||||||
- OS::TripleO::Services::Podman
|
- OS::TripleO::Services::Podman
|
||||||
- OS::TripleO::Services::Redis
|
- OS::TripleO::Services::Redis
|
||||||
- OS::TripleO::Services::Rhsm
|
- OS::TripleO::Services::Rhsm
|
||||||
- OS::TripleO::Services::SELinux
|
|
||||||
- OS::TripleO::Services::Sshd
|
- OS::TripleO::Services::Sshd
|
||||||
- OS::TripleO::Services::SwiftProxy
|
- OS::TripleO::Services::SwiftProxy
|
||||||
- OS::TripleO::Services::SwiftRingBuilder
|
- OS::TripleO::Services::SwiftRingBuilder
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,6 @@
|
||||||
- OS::TripleO::Services::Podman
|
- OS::TripleO::Services::Podman
|
||||||
- OS::TripleO::Services::Redis
|
- OS::TripleO::Services::Redis
|
||||||
- OS::TripleO::Services::Rhsm
|
- OS::TripleO::Services::Rhsm
|
||||||
- OS::TripleO::Services::SELinux
|
|
||||||
- OS::TripleO::Services::Sshd
|
- OS::TripleO::Services::Sshd
|
||||||
- OS::TripleO::Services::SwiftProxy
|
- OS::TripleO::Services::SwiftProxy
|
||||||
- OS::TripleO::Services::SwiftRingBuilder
|
- OS::TripleO::Services::SwiftRingBuilder
|
||||||
|
|
|
||||||
|
|
@ -65,9 +65,6 @@ environments:
|
||||||
# OVN
|
# OVN
|
||||||
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
|
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
|
||||||
|
|
||||||
# Manage SELinux
|
|
||||||
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
|
|
||||||
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
||||||
|
|
||||||
# Activate container image prepare
|
# Activate container image prepare
|
||||||
|
|
@ -192,9 +189,6 @@ environments:
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml
|
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml
|
||||||
|
|
||||||
# Manage SELinux
|
|
||||||
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
||||||
|
|
||||||
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
||||||
|
|
||||||
# Disable non-openstack services that are enabled by default
|
# Disable non-openstack services that are enabled by default
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue