aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/manifests
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2015-07-24 16:24:13 +0000
committerGerrit Code Review <review@openstack.org>2015-07-24 16:24:13 +0000
commit386fc6089060eadf73fbad6123ae096ba2205572 (patch)
tree52fd4c7c24977a25592c6b7275e335757287fc70 /puppet/manifests
parent1a0f4eefc8d590ee9da6612b34a018d5055397bd (diff)
parent9ab0050e6ec6ace2deb7712d7fde7a12bc466b75 (diff)
Merge "Ensure SELinux is permissive on Ceph OSDs"
Diffstat (limited to 'puppet/manifests')
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp16
-rw-r--r--puppet/manifests/overcloud_controller.pp14
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp14
3 files changed, 43 insertions, 1 deletions
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index cf2626ac..6c5dda42 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 {
include ::ntp
}
+if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
+ exec { 'set selinux to permissive on boot':
+ command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
+ onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
+ path => ["/usr/bin", "/usr/sbin"],
+ }
+
+ exec { 'set selinux to permissive':
+ command => "setenforce 0",
+ onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
+ path => ["/usr/bin", "/usr/sbin"],
+ } -> Class['ceph::profile::osd']
+}
+
include ::ceph::profile::client
include ::ceph::profile::osd
-hiera_include('ceph_classes') \ No newline at end of file
+hiera_include('ceph_classes')
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 27b7328d..09edef50 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -184,6 +184,20 @@ if hiera('step') >= 2 {
}
if str2bool(hiera('enable_ceph_storage', 'false')) {
+ if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
+ exec { 'set selinux to permissive on boot':
+ command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
+ onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
+ path => ["/usr/bin", "/usr/sbin"],
+ }
+
+ exec { 'set selinux to permissive':
+ command => "setenforce 0",
+ onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
+ path => ["/usr/bin", "/usr/sbin"],
+ } -> Class['ceph::profile::osd']
+ }
+
include ::ceph::profile::client
include ::ceph::profile::osd
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 5f5b06dd..a3eb6e5d 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -492,6 +492,20 @@ MYSQL_HOST=localhost\n",
}
if str2bool(hiera('enable_ceph_storage', 'false')) {
+ if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
+ exec { 'set selinux to permissive on boot':
+ command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
+ onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
+ path => ["/usr/bin", "/usr/sbin"],
+ }
+
+ exec { 'set selinux to permissive':
+ command => "setenforce 0",
+ onlyif => "which setenforce && getenforce | grep -i 'enforcing'",
+ path => ["/usr/bin", "/usr/sbin"],
+ } -> Class['ceph::profile::osd']
+ }
+
include ::ceph::profile::client
include ::ceph::profile::osd
}