diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2015-07-24 16:24:13 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2015-07-24 16:24:13 +0000 |
| commit | 386fc6089060eadf73fbad6123ae096ba2205572 (patch) | |
| tree | 52fd4c7c24977a25592c6b7275e335757287fc70 | |
| parent | 1a0f4eefc8d590ee9da6612b34a018d5055397bd (diff) | |
| parent | 9ab0050e6ec6ace2deb7712d7fde7a12bc466b75 (diff) | |
Merge "Ensure SELinux is permissive on Ceph OSDs"
| -rw-r--r-- | puppet/hieradata/ceph.yaml | 4 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 16 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 14 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 14 |
4 files changed, 46 insertions, 2 deletions
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 6eb0e671..18a48622 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -12,4 +12,6 @@ ceph_pools: - vms - images -ceph_classes: []
\ No newline at end of file +ceph_classes: [] + +ceph_osd_selinux_permissive: true diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index cf2626ac..6c5dda42 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } +if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] +} + include ::ceph::profile::client include ::ceph::profile::osd -hiera_include('ceph_classes')
\ No newline at end of file +hiera_include('ceph_classes') diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 27b7328d..09edef50 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -184,6 +184,20 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 5f5b06dd..a3eb6e5d 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -492,6 +492,20 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } |