From d8f962d9687adfb79fb1b7c97044b38a38ab10e5 Mon Sep 17 00:00:00 2001
From: Lennart Betz
Date: Fri, 21 Feb 2020 14:00:14 +0100
Subject: [PATCH] rework pull request #602 from b3n4kh/selinux
---
 data/Linux-kernel.yaml | 1 -
 data/RedHat-family-5.yaml | 1 +
 data/RedHat-family-6.yaml | 1 +
 data/RedHat-family-7.yaml | 2 --
 data/RedHat-family-8.yaml | 2 --
 data/RedHat-family.yaml | 2 ++
 manifests/globals.pp | 8 ++++----
 manifests/init.pp | 3 ++-
 manifests/install.pp | 28 +++++++++++++++++-----------
 9 files changed, 27 insertions(+), 21 deletions(-)
 delete mode 100644 data/RedHat-family-7.yaml
 delete mode 100644 data/RedHat-family-8.yaml
diff --git a/data/Linux-kernel.yaml b/data/Linux-kernel.yaml
index 81f464aed..e6e88b929 100644
--- a/data/Linux-kernel.yaml
+++ b/data/Linux-kernel.yaml
@@ -1,7 +1,6 @@
 ---
 icinga2::globals::package_name: icinga2
 icinga2::globals::service_name: icinga2
-icinga2::globals::selinux_name: icinga2-selinux
 icinga2::globals::service_reload: service icinga2 reload
 icinga2::globals::ido_mysql_package_name: icinga2-ido-mysql
 icinga2::globals::ido_mysql_schema: /usr/share/icinga2-ido-mysql/schema/mysql.sql
diff --git a/data/RedHat-family-5.yaml b/data/RedHat-family-5.yaml
index afd3e6388..bded087d0 100644
--- a/data/RedHat-family-5.yaml
+++ b/data/RedHat-family-5.yaml
@@ -1,2 +1,3 @@
 ---
 icinga2::globals::icinga2_bin: /usr/sbin/icinga2
+icinga2::manage_selinux: false
diff --git a/data/RedHat-family-6.yaml b/data/RedHat-family-6.yaml
index afd3e6388..bded087d0 100644
--- a/data/RedHat-family-6.yaml
+++ b/data/RedHat-family-6.yaml
@@ -1,2 +1,3 @@
 ---
 icinga2::globals::icinga2_bin: /usr/sbin/icinga2
+icinga2::manage_selinux: false
diff --git a/data/RedHat-family-7.yaml b/data/RedHat-family-7.yaml
deleted file mode 100644
index d546e3922..000000000
--- a/data/RedHat-family-7.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-icinga2::manage_selinux: "%{facts.os.selinux.enabled}"
diff --git a/data/RedHat-family-8.yaml b/data/RedHat-family-8.yaml
deleted file mode 100644
index d546e3922..000000000
--- a/data/RedHat-family-8.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-icinga2::manage_selinux: "%{facts.os.selinux.enabled}"
diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml
index 370ca34a8..f78034208 100644
--- a/data/RedHat-family.yaml
+++ b/data/RedHat-family.yaml
@@ -2,9 +2,11 @@
 icinga2::globals::user: icinga
 icinga2::globals::group: icinga
 icinga2::globals::icinga2_bin: /sbin/icinga2
+icinga2::globals::selinux_package_name: icinga2-selinux
 icinga2::repo:
 baseurl: 'http://packages.icinga.com/epel/%{facts.os.release.major}/release/'
 descr: ICINGA (stable release for epel)
 enabled: 1
 gpgcheck: 1
 gpgkey: http://packages.icinga.com/icinga.key
+icinga2::manage_selinux: "%{facts.os.selinux.enforced}"
diff --git a/manifests/globals.pp b/manifests/globals.pp
index 2bfc82866..f7032d993 100644
--- a/manifests/globals.pp
+++ b/manifests/globals.pp
@@ -11,9 +11,6 @@
 # [*package_name*]
 # The name of the icinga package to manage.
 #
-# [*selinux_name*]
-# The name of the icinga selinux package.
-#
 # [*service_name*]
 # The name of the icinga service to manage.
 #
@@ -27,6 +24,9 @@
 # CAUTION: This does not manage the group context for the runnig icinga 2 process!
 # The parameter is only used for group membership of files or directories.
 #
+# [*selinux_package_name*]
+# The name of the icinga selinux package.
+#
 # [*ido_mysql_package_name*]
 # The name of the icinga package that's needed for MySQL.
 #
@@ -99,10 +99,10 @@
 Array[String] $reserved,
 Optional[String] $user = undef,
 Optional[String] $group = undef,
+ Optional[String] $selinux_package_name = undef,
 Optional[String] $ido_mysql_package_name = undef,
 Optional[String] $ido_pgsql_package_name = undef,
 Optional[String] $service_reload = undef,
- Optional[String] $selinux_name = unde,
 ) {
 assert_private()
diff --git a/manifests/init.pp b/manifests/init.pp
index d452bc52d..d194f254b 100644
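Review bot: In data/RedHat-family.yaml the new default `icinga2::manage_selinux: "%{facts.os.selinux.enforced}"` replaces the `enabled` fact used by the deleted RedHat-family-7/8 files, so hosts running SELinux in permissive mode no longer get `icinga2-selinux` installed. The policy therefore cannot be exercised in permissive mode before a host is switched to enforcing, and the daemon would presumably run without its dedicated policy module until the first agent run after the switch. If that narrowing is intended, a comment above the key should say so, e.g. `# policy package only on enforcing hosts; set icinga2::manage_selinux: true to install it in permissive mode`; otherwise keep `%{facts.os.selinux.enabled}`. Separately, the unchanged `baseurl` and `gpgkey` context lines in this hunk use plain `http://`, so the signing key that `gpgcheck: 1` relies on is fetched over an unauthenticated channel.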
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -20,7 +20,8 @@
 # If set to false packages aren't managed. Defaults to true.
 #
 # [*manage_selinux*]
-# If set to true the icinga selinux package is installed. Defaults to false.
+# If set to true the icinga selinux package is installed. Default on RedHat family is `facts.os.selinux.enforcing`
+# otherwise set to false. Requires a `selinux_package_name` (icinga2::globals) and `manage_package` has to be set to true.
 #
 # [*manage_service*]
 # If set to true the service is managed otherwise the service also
diff --git a/manifests/install.pp b/manifests/install.pp
index 697169325..ffb569d95 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -16,14 +16,14 @@
 assert_private()
- $package_name = $::icinga2::globals::package_name
- $manage_package = $::icinga2::manage_package
- $selinux_name = $::icinga2::globals::selinux_name
- $manage_selinux = $::icinga2::manage_selinux
- $cert_dir = $::icinga2::globals::cert_dir
- $conf_dir = $::icinga2::globals::conf_dir
- $user = $::icinga2::globals::user
- $group = $::icinga2::globals::group
+ $package_name = $::icinga2::globals::package_name
+ $manage_package = $::icinga2::manage_package
+ $selinux_package_name = $::icinga2::globals::selinux_package_name
+ $manage_selinux = $::icinga2::manage_selinux
+ $cert_dir = $::icinga2::globals::cert_dir
+ $conf_dir = $::icinga2::globals::conf_dir
+ $user = $::icinga2::globals::user
+ $group = $::icinga2::globals::group
 if $manage_package {
 if $::osfamily == 'windows' { Package { provider => chocolatey, } }
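Review bot: The new `manage_selinux` doc comment in manifests/init.pp gives the RedHat default as `facts.os.selinux.enforcing`, but data/RedHat-family.yaml in this same patch interpolates `facts.os.selinux.enforced`; the comment should name the fact the data actually reads, i.e. replace `enforcing` with `enforced` on that line. The comment could also state that RedHat-family-5 and -6 pin the value to false, and that a true value has no effect when `selinux_package_name` is unset, since the guard in install.pp skips the package in that case. The class body is outside this hunk, so whether the parameter's declared type accepts the interpolated string cannot be checked from here.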
@@ -33,15 +33,21 @@
 before => File[$cert_dir, $conf_dir],
 }
- if str2bool($manage_selinux) {
- package { $selinux_name:
+ if str2bool($manage_selinux) and $selinux_package_name {
+ package { $selinux_package_name:
 ensure => installed,
 require => Package[$package_name],
 }
 }
 }
- file { [$cert_dir, $conf_dir]:
+ file { [$conf_dir]:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ }
+
+ file { [$cert_dir]:
 ensure => directory,
 owner => $user,
 group => $group,
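Review bot: The new guard `if str2bool($manage_selinux) and $selinux_package_name {` skips the policy package without any message when `manage_selinux` is true but `icinga2::globals::selinux_package_name` resolves to undef, so an operator who asked for SELinux management gets a clean run and no policy module. An explicit branch would make that visible, e.g. `} elsif str2bool($manage_selinux) { warning('icinga2::manage_selinux is true but no selinux_package_name is set; SELinux policy package is not managed') }`. The split of `file { [$cert_dir, $conf_dir]:` into two resources keeps identical owner and group in the visible lines, and the `$cert_dir` resource continues past the end of the hunk, so it is worth confirming that it sets a restrictive `mode` if that directory holds private keys, as its name suggests. The single-element arrays `[$conf_dir]` and `[$cert_dir]` can be written as plain titles.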