set seliux contexts for all files and directories - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/292
This commit is contained in:
Arne Teuke
@@ -10,13 +10,17 @@ class puppet_cd::main::files (
|
|||||||
|
|
||||||
if $fqdn != $pt_pm_fqdn {
|
if $fqdn != $pt_pm_fqdn {
|
||||||
file { $pt_puppet_conf_file:
|
file { $pt_puppet_conf_file:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
path => $pt_puppet_conf_file,
|
path => $pt_puppet_conf_file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template($pt_puppet_conf_erb),
|
selrange => s0,
|
||||||
notify => Service[$pt_agent_service],
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_puppet_conf_erb),
|
||||||
|
notify => Service[$pt_agent_service],
|
||||||
}
|
}
|
||||||
if $pt_use_puppetdb == true {
|
if $pt_use_puppetdb == true {
|
||||||
file { $pt_node_rb_file:
|
file { $pt_node_rb_file:
|
||||||
@@ -39,45 +43,58 @@ class puppet_cd::main::files (
|
|||||||
|
|
||||||
if $fqdn == $pt_pm_fqdn {
|
if $fqdn == $pt_pm_fqdn {
|
||||||
file { $pt_puppet_conf_file:
|
file { $pt_puppet_conf_file:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
path => $pt_puppet_conf_file,
|
path => $pt_puppet_conf_file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template($pt_puppet_conf_erb),
|
selrange => s0,
|
||||||
notify => Service[$pt_agent_service,$pt_server_service],
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_puppet_conf_erb),
|
||||||
|
notify => Service[$pt_agent_service,$pt_server_service],
|
||||||
}
|
}
|
||||||
|
|
||||||
if $pt_use_puppetdb == true {
|
if $pt_use_puppetdb == true {
|
||||||
# puppetdb
|
# puppetdb
|
||||||
file { $pt_puppetdb_conf_file:
|
file { $pt_puppetdb_conf_file:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
path => $pt_puppetdb_conf_file,
|
path => $pt_puppetdb_conf_file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template($pt_puppetdb_conf_erb),
|
selrange => s0,
|
||||||
notify => Service[$pt_agent_service,$pt_server_service],
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_puppetdb_conf_erb),
|
||||||
|
notify => Service[$pt_agent_service,$pt_server_service],
|
||||||
}
|
}
|
||||||
# routes.yaml
|
# routes.yaml
|
||||||
file { $pt_routes_file:
|
file { $pt_routes_file:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
path => $pt_routes_file,
|
path => $pt_routes_file,
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
mode => '0644',
|
mode => '0644',
|
||||||
content => template($pt_routes_erb),
|
selrange => s0,
|
||||||
notify => Service[$pt_server_service],
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_routes_erb),
|
||||||
|
notify => Service[$pt_server_service],
|
||||||
}
|
}
|
||||||
file { $pt_node_rb_file:
|
file { $pt_node_rb_file:
|
||||||
ensure => file,
|
ensure => file,
|
||||||
owner => 'puppet',
|
owner => 'puppet',
|
||||||
group => 'puppet',
|
group => 'puppet',
|
||||||
mode => '0550',
|
mode => '0550',
|
||||||
selrole => object_r,
|
selrange => s0,
|
||||||
seltype => foreman_enc_t,
|
selrole => object_r,
|
||||||
seluser => system_u,
|
seltype => foreman_enc_t,
|
||||||
content => template($pt_node_rb_erb),
|
seluser => system_u,
|
||||||
|
content => template($pt_node_rb_erb),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if $pt_use_puppetdb != true {
|
if $pt_use_puppetdb != true {
|
||||||
|
|||||||
Reference in New Issue
Block a user