From df3d689042405ea08b0376e27ed01a5ea6853174 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Thu, 21 Dec 2023 19:34:49 +0900
Subject: [PATCH] Ensure os_keepalived_dac_override is enabled

According to [1], the dac override options may be disabled in a future
release.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2000945

Change-Id: I3779072f9213fee03f350cc9a8786072c318037d
---
 manifests/init.pp    |  2 +-
 manifests/neutron.pp | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index ecdc130dc..632ffe98f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -4,7 +4,7 @@ class openstack_integration {
 
   if $facts['os']['family'] == 'RedHat' {
     package { 'openstack-selinux':
-        ensure => 'latest'
+      ensure => 'present'
     }
   }
 }
diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index e2146924b..46d7f866b 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -72,12 +72,22 @@ class openstack_integration::neutron (
     selboolean { 'os_neutron_dac_override':
       persistent => true,
       value      => on,
+      require    => Package['openstack-selinux'],
+      before     => Anchor['neutron::service::begin'],
     }
 
     if $driver == 'openvswitch' or $driver == 'linuxbridge' {
       selboolean { 'os_dnsmasq_dac_override':
         persistent => true,
         value      => on,
+        require    => Package['openstack-selinux'],
+        before     => Anchor['neutron::service::begin'],
+      }
+      selboolean { 'os_keepalived_dac_override':
+        persistent => true,
+        value      => on,
+        require    => Package['openstack-selinux'],
+        before     => Anchor['neutron::service::begin'],
       }
     }
   }