
Commit 5472aa1

committed
Feature: Make selboolean management optional
1 parent 63bba21 commit 5472aa1


4 files changed

+34
-1
lines changed


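--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -144,6 +144,7 @@
 keycloak => $foreman::keycloak,
 keycloak_app_name => $foreman::keycloak_app_name,
 keycloak_realm => $foreman::keycloak_realm,
+manage_selinux_booleans => $foreman::manage_selinux_booleans,
 }
 
 contain foreman::config::apache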

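--- a/manifests/config/apache.pp
+++ b/manifests/config/apache.pp
@@ -98,6 +98,9 @@
 # @param keycloak_realm
 # The realm as passed to keycloak-httpd-client-install
 #
+# @param manage_selinux_booleans
+# If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly
+#
 class foreman::config::apache(
 Stdlib::Absolutepath $app_root = '/usr/share/foreman',
 String $priority = '05',
@@ -131,6 +134,7 @@
 Boolean $keycloak = false,
 String[1] $keycloak_app_name = 'foreman-openidc',
 String[1] $keycloak_realm = 'ssl-realm',
+Boolean $manage_selinux_booleans = true,
 ) {
 $docroot = "${app_root}/public"
 
@@ -232,7 +236,7 @@
 ],
 }
 
-if $facts['os']['selinux']['enabled'] {
+if $facts['os']['selinux']['enabled'] and $manage_selinux_booleans {
 selboolean { 'httpd_can_network_connect':
 persistent => true,
 value => 'on',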
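Review bot: The `@param manage_selinux_booleans` text covers only the true case, and the same sentence is repeated in the `manifests/init.pp` header; neither says that `false` leaves `httpd_can_network_connect` unmanaged rather than turned off. Since the resource in the last hunk is declared with `persistent => true` and `value => 'on'`, a node that already applied the default will presumably keep the boolean on after the parameter is flipped to `false`, which matters to anyone disabling it as a hardening step. I would spell that out, e.g. `# Manage the httpd_can_network_connect SELinux boolean when SELinux is enabled. When false the boolean is not managed and keeps whatever value the node already has.` The `selboolean` resource and the class body continue outside the hunks shown.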

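--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -199,6 +199,8 @@
 #
 # $rails_cache_store:: Set rails cache store
 #
+# $manage_selinux_booleans:: If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly
+#
 # === Keycloak parameters:
 #
 # $keycloak:: Enable Keycloak support. Note this is limited
@@ -308,6 +310,7 @@
 Boolean $keycloak = $foreman::params::keycloak,
 String[1] $keycloak_app_name = $foreman::params::keycloak_app_name,
 String[1] $keycloak_realm = $foreman::params::keycloak_realm,
+Boolean $manage_selinux_booleans = true,
 ) inherits foreman::params {
 if $db_sslmode == 'UNSET' and $db_root_cert {
 $db_sslmode_real = 'verify-full'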
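Review bot: `$manage_selinux_booleans` defaults to a literal `true` in the second hunk, while the three keycloak parameters directly above it take their defaults from `$foreman::params::...` and the class still `inherits foreman::params`. The same literal is also declared in `foreman::config::apache`, so the default now lives in two places that can drift apart. If `foreman::params` is still where defaults belong in this module, `Boolean $manage_selinux_booleans = $foreman::params::manage_selinux_booleans,` would keep the signature uniform; if literals are the intended direction, a short comment saying so would help. The parameter list starts outside the hunk.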

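--- a/spec/classes/foreman_config_apache_spec.rb
+++ b/spec/classes/foreman_config_apache_spec.rb
@@ -15,6 +15,31 @@
 end
 end
 
+describe 'without manage_selinux_booleans' do
+it 'should contain the selinux resource' do
+should contain_selboolean('httpd_can_network_connect')
+end
+end
+describe 'with manage_selinux_booleans to true' do
+let :params do
+super().merge(
+manage_selinux_booleans: true
+)
+end
+it 'should contain the selinux resource' do
+should contain_selboolean('httpd_can_network_connect')
+end
+end
+describe 'with manage_selinux_booleans to false' do
+let :params do
+super().merge(
+manage_selinux_booleans: false
+)
+end
+it 'should not contain the selinux resource' do
+should_not contain_selboolean('httpd_can_network_connect')
+end
+end
 describe 'with passenger' do
 let(:params) do
 super().merge(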
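Review bot: None of the three new examples exercises the SELinux-disabled side of the `and`, so a change that dropped the fact check from the condition would still pass. They all appear to rely on facts, set outside this hunk, that report SELinux as enabled. I would add a case that overrides the `os` / `selinux` / `enabled` fact to `false` with `manage_selinux_booleans: true` and expects `should_not contain_selboolean('httpd_can_network_connect')`. The positive examples could also pin the managed state with `should contain_selboolean('httpd_can_network_connect').with_value('on').with_persistent(true)`. The enclosing `describe` and the 'with passenger' block both extend beyond the hunk.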
