Allow standalone to manage selinux

In some cases we may need to disable selinux (like in CI). The role needs the SELinux service so that the management can be done during the deployment. NOTE: this squashes the original patch with the bugfix patch I4dde00e615be3a3c13fa8a21f8a5eb4ca9dbfbec Change-Id: Ife3c4600f5bd70490a68059eb27c5100743a5298 Closes-Bug: #1797910 (cherry picked from commit 7451fc44de) (cherry picked from commit 62418388b2)
2018-10-15 08:47:30 -06:00 · 2018-10-15 08:47:30 -06:00 · 8b13603740
parent b26af243aa
commit 8b13603740
6 changed files with 15 additions and 0 deletions
--- a/environments/standalone.yaml
+++ b/environments/standalone.yaml
@ -6,6 +6,8 @@ resource_registry:
  OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
  OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/standalone_post.yaml

+  # Manage SELinux
+  OS::TripleO::Services::SELinux: ../puppet/services/selinux.yaml
  OS::TripleO::Services::OpenStackClients: ../puppet/services/openstack-clients.yaml

  # Disable non-openstack services that are enabled by default
--- a/environments/standalone/standalone-overcloud.yaml
+++ b/environments/standalone/standalone-overcloud.yaml
@ -91,6 +91,7 @@ resource_registry:
  OS::TripleO::Services::MistralExecutor: OS::Heat::None
  OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml
  OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
  OS::TripleO::Services::SaharaApi: OS::Heat::None
  OS::TripleO::Services::SaharaEngine: OS::Heat::None
  OS::TripleO::Services::Tacker: OS::Heat::None
--- a/environments/standalone/standalone-tripleo.yaml
+++ b/environments/standalone/standalone-tripleo.yaml
@ -99,6 +99,7 @@ resource_registry:
  OS::TripleO::Services::MistralExecutor: OS::Heat::None
  OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml
  OS::TripleO::Services::PankoApi: OS::Heat::None
+  OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
  OS::TripleO::Services::SaharaApi: OS::Heat::None
  OS::TripleO::Services::SaharaEngine: OS::Heat::None
  OS::TripleO::Services::Tacker: OS::Heat::None
--- a/releasenotes/notes/standalone-selinux-configuration-39a0c7285d8e4c66.yaml
+++ b/releasenotes/notes/standalone-selinux-configuration-39a0c7285d8e4c66.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    SELinux can be configured on the Standalone deployment by setting SELinuxMode.
--- a/roles/Standalone.yaml
+++ b/roles/Standalone.yaml
@ -159,6 +159,7 @@
    - OS::TripleO::Services::SaharaApi
    - OS::TripleO::Services::SaharaEngine
    - OS::TripleO::Services::Securetty
+    - OS::TripleO::Services::SELinux
    - OS::TripleO::Services::SensuClient
    - OS::TripleO::Services::SkydiveAgent
    - OS::TripleO::Services::SkydiveAnalyzer
--- a/sample-env-generator/standalone.yaml
+++ b/sample-env-generator/standalone.yaml
@ -51,6 +51,9 @@ environments:
      OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
      OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml

+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
+
      OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml

      # Disable non-openstack services that are enabled by default
@ -163,6 +166,9 @@ environments:
    resource_registry:
      OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml

+      # Manage SELinux
+      OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
+
      OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml

      # Disable non-openstack services that are enabled by default