Allow haproxy to bind to all ports in selinux

By default haproxy can only bind to HTTP(S) ports all other ports can't
be bound due to the selinux policy. Simple fix for this is to toggle the
boolean that allows haproxy to bind any port in the selinux policy. Do
this with an exec that first checks if the boolean is set.

Change-Id: I49c8bdc3586fa82cd954a6ef9be27f48f9a623ec

manifests/site.pp

@@ -501,6 +501,7 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
 
 # CentOS machines to load balance git access.
 # Node-OS: centos6
+# Node-OS: centos7
 node /^git(-fe\d+)?\.openstack\.org$/ {
   $group = "git-loadbalancer"
   class { 'openstack_project::git':

modules/openstack_project/manifests/git.pp

@@ -127,6 +127,14 @@ class openstack_project::git (
     options           => 'maxqueue 512',
   }
 
+  exec { 'haproxy_allow_bind_ports':
+    # If bool is already set don't set it again
+    onlyif  => 'bash -c \'getsebool haproxy_connect_any | grep -q off\'',
+    command => 'setsebool -P haproxy_connect_any 1',
+    path    => '/bin:/usr/sbin',
+    before  => Service['haproxy'],
+  }
+
   file { '/etc/rsyslog.d/haproxy.conf':
     ensure => present,
     owner  => 'root',