Code Review / apex-tripleo-heat-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Ensure SELinux is permissive on Ceph OSDs
[apex-tripleo-heat-templates.git] / puppet / manifests / overcloud_cephstorage.pp
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 21fd5f9..38b6a54 100644 (file)
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -30,6 +30,20 @@ if count(hiera('ntp::servers')) > 0 {
   include ::ntp
 }
 
+if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
+  exec { 'set selinux to permissive on boot':
+    command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config",
+    onlyif  => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config",
+    path    => ["/usr/bin", "/usr/sbin"],
+  }
+
+  exec { 'set selinux to permissive':
+    command => "setenforce 0",
+    onlyif  => "which setenforce && getenforce | grep -i 'enforcing'",
+    path    => ["/usr/bin", "/usr/sbin"],
+  } -> Class['ceph::profile::osd']
+}
+
 include ::ceph::profile::client
 include ::ceph::profile::osd