SELinux context fixes for puppetmaster on CentOS 6.
parent
be027c023f
commit
3279af1208
1 changed files with 32 additions and 20 deletions
|
@ -193,6 +193,12 @@ class puppet::server {
|
||||||
#
|
#
|
||||||
class puppet::server::common inherits puppet::client {
|
class puppet::server::common inherits puppet::client {
|
||||||
|
|
||||||
|
if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
|
||||||
|
$seltype = "var_lib_t"
|
||||||
|
} else {
|
||||||
|
$seltype = "puppet_var_lib_t"
|
||||||
|
}
|
||||||
|
|
||||||
case $operatingsystem {
|
case $operatingsystem {
|
||||||
"openbsd": {
|
"openbsd": {
|
||||||
$user = "_puppet"
|
$user = "_puppet"
|
||||||
|
@ -283,13 +289,17 @@ class puppet::server::common inherits puppet::client {
|
||||||
"openbsd" => "wheel",
|
"openbsd" => "wheel",
|
||||||
default => "root",
|
default => "root",
|
||||||
},
|
},
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
}
|
}
|
||||||
|
selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
|
||||||
|
type => $seltype,
|
||||||
|
before => File[$puppet_datadir],
|
||||||
|
}
|
||||||
file { "/srv/puppet":
|
file { "/srv/puppet":
|
||||||
ensure => link,
|
ensure => link,
|
||||||
target => $puppet_datadir,
|
target => $puppet_datadir,
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File[$puppet_datadir],
|
require => File[$puppet_datadir],
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -301,23 +311,14 @@ class puppet::server::common inherits puppet::client {
|
||||||
"openbsd" => "wheel",
|
"openbsd" => "wheel",
|
||||||
default => "root",
|
default => "root",
|
||||||
},
|
},
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if "${selinux}" == "true" {
|
|
||||||
selinux::manage_fcontext { "/srv/puppet(/.*)?":
|
selinux::manage_fcontext { "/srv/puppet(/.*)?":
|
||||||
type => "var_lib_t",
|
type => $seltype,
|
||||||
before => File["/srv/puppet"]
|
|
||||||
}
|
|
||||||
if $puppet_datadir {
|
|
||||||
selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
|
|
||||||
type => "var_lib_t",
|
|
||||||
before => File[$puppet_datadir],
|
before => File[$puppet_datadir],
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if $puppet_storeconfigs != "none" {
|
if $puppet_storeconfigs != "none" {
|
||||||
file { "/srv/puppet/storeconfigs":
|
file { "/srv/puppet/storeconfigs":
|
||||||
|
@ -325,7 +326,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
mode => "0750",
|
mode => "0750",
|
||||||
owner => $user,
|
owner => $user,
|
||||||
group => $group,
|
group => $group,
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -336,7 +337,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
mode => "0750",
|
mode => "0750",
|
||||||
owner => $user,
|
owner => $user,
|
||||||
group => $group,
|
group => $group,
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
}
|
}
|
||||||
file { [ "/srv/puppet/files",
|
file { [ "/srv/puppet/files",
|
||||||
|
@ -348,7 +349,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
"openbsd" => "wheel",
|
"openbsd" => "wheel",
|
||||||
default => "root",
|
default => "root",
|
||||||
},
|
},
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
}
|
}
|
||||||
file { "/srv/puppet/files/common":
|
file { "/srv/puppet/files/common":
|
||||||
|
@ -359,7 +360,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
"openbsd" => "wheel",
|
"openbsd" => "wheel",
|
||||||
default => "root",
|
default => "root",
|
||||||
},
|
},
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File["/srv/puppet/files"],
|
require => File["/srv/puppet/files"],
|
||||||
}
|
}
|
||||||
file { "/srv/puppet/files/private":
|
file { "/srv/puppet/files/private":
|
||||||
|
@ -367,7 +368,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
mode => "0750",
|
mode => "0750",
|
||||||
owner => "root",
|
owner => "root",
|
||||||
group => $group,
|
group => $group,
|
||||||
seltype => "var_lib_t",
|
seltype => $seltype,
|
||||||
require => File["/srv/puppet/files"],
|
require => File["/srv/puppet/files"],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -500,6 +501,17 @@ class puppet::server::mongrel {
|
||||||
$puppet_listenports = [ "18140", "18141", "18142", "18143", ]
|
$puppet_listenports = [ "18140", "18141", "18142", "18143", ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
|
||||||
|
$seltype = "http_port_t"
|
||||||
|
} else {
|
||||||
|
$seltype = "puppet_port_t"
|
||||||
|
}
|
||||||
|
selinux::manage_port { $puppet_listenports:
|
||||||
|
type => $seltype,
|
||||||
|
proto => "tcp",
|
||||||
|
before => Service["puppetmaster"],
|
||||||
|
}
|
||||||
|
|
||||||
include ldap::client::ruby
|
include ldap::client::ruby
|
||||||
include ::mongrel
|
include ::mongrel
|
||||||
|
|
||||||
|
|
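Review bot: In the `-301,23 +311,14` hunk the `if "${selinux}" == "true"` guard appears to be dropped. The `selinux::manage_fcontext` resources, and the new `selinux::manage_port` in `puppet::server::mongrel`, would then be declared on every node, including the OpenBSD case this class handles, unless those defines check for SELinux themselves, which is not visible here. The remaining `/srv/puppet(/.*)?` resource also seems to end up with `before => File[$puppet_datadir]`, which has no target in the `else` branch where `$puppet_datadir` is unset; keeping `before => File["/srv/puppet"]` inside a retained `if "${selinux}" == "true" { ... }` would cover both branches. The `else` arm of the release check also assigns `puppet_var_lib_t` and `puppet_port_t` to every platform that is not CentOS 1-5, so a host whose policy lacks those types would fail labelling or keep stale contexts; a comment such as `# puppet_* types assumed present in the EL6+ targeted policy` would record that assumption. The two-column rendering leaves the old/new side of some rows uncertain, so these points should be confirmed against the raw diff.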