diff options
| author |   Jenkins <jenkins@review.openstack.org> | 2015-07-24 16:24:13 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <review@openstack.org> | 2015-07-24 16:24:13 +0000 |
| commit | 386fc6089060eadf73fbad6123ae096ba2205572 (patch) | |
| tree | 52fd4c7c24977a25592c6b7275e335757287fc70 /puppet/manifests/overcloud_controller.pp | |
| parent | 1a0f4eefc8d590ee9da6612b34a018d5055397bd (diff) | |
| parent | 9ab0050e6ec6ace2deb7712d7fde7a12bc466b75 (diff) | |
Merge "Ensure SELinux is permissive on Ceph OSDs"
Diffstat (limited to 'puppet/manifests/overcloud_controller.pp')
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 27b7328d..09edef50 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -184,6 +184,20 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } |