Feature: Make selboolean management optional

bastelfreak · bastelfreak · commit 957fc613dbf5 · 2020-06-03T11:24:03.000+02:00
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -138,6 +138,7 @@
       keycloak                => $foreman::keycloak,
       keycloak_app_name       => $foreman::keycloak_app_name,
       keycloak_realm          => $foreman::keycloak_realm,
+      manage_selinux          => $foreman::manage_selinux,
     }
 
     contain foreman::config::apache
diff --git a/manifests/config/apache.pp b/manifests/config/apache.pp
@@ -98,6 +98,9 @@
 # @param keycloak_realm
 #   The realm as passed to keycloak-httpd-client-install
 #
+# @param manage_selinux
+#   If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly
+#
 class foreman::config::apache(
   Stdlib::Absolutepath $app_root = '/usr/share/foreman',
   String $priority = '05',
@@ -131,6 +134,7 @@
   Boolean $keycloak = false,
   String[1] $keycloak_app_name = 'foreman-openidc',
   String[1] $keycloak_realm = 'ssl-realm',
+  Boolean $manage_selinux = true,
 ) {
   $docroot = "${app_root}/public"
 
@@ -222,7 +226,7 @@
       ],
     }
 
-    if $facts['os']['selinux']['enabled'] {
+    if $facts['os']['selinux']['enabled'] and $manage_selinux {
       selboolean { 'httpd_can_network_connect':
         persistent => true,
         value      => 'on',
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -198,6 +198,8 @@
 #
 # $rails_cache_store::            Set rails cache store
 #
+# $param manage_selinux:          If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly##
+#
 # === Keycloak parameters:
 #
 # $keycloak::                     Enable Keycloak support. Note this is limited
@@ -207,7 +209,6 @@
 # $keycloak_app_name::            The app name as passed to keycloak-httpd-client-install
 #
 # $keycloak_realm::               The realm as passed to keycloak-httpd-client-install
-#
 class foreman (
   Stdlib::HTTPUrl $foreman_url = $foreman::params::foreman_url,
   Boolean $unattended = $foreman::params::unattended,
@@ -307,6 +308,7 @@
   Boolean $keycloak = $foreman::params::keycloak,
   String[1] $keycloak_app_name = $foreman::params::keycloak_app_name,
   String[1] $keycloak_realm = $foreman::params::keycloak_realm,
+  Boolean $manage_selinux = false,
 ) inherits foreman::params {
   if $db_sslmode == 'UNSET' and $db_root_cert {
     $db_sslmode_real = 'verify-full'

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,7 @@`
`138`	`138`	`keycloak => $foreman::keycloak,`
`139`	`139`	`keycloak_app_name => $foreman::keycloak_app_name,`
`140`	`140`	`keycloak_realm => $foreman::keycloak_realm,`
	`141`	`+ manage_selinux => $foreman::manage_selinux,`
`141`	`142`	`}`
`142`	`143`
`143`	`144`	`contain foreman::config::apache`
Original file line number	Diff line number	Diff line change
`@@ -198,6 +198,8 @@`
`198`	`198`	`#`
`199`	`199`	`# $rails_cache_store:: Set rails cache store`
`200`	`200`	`#`
	`201`	`+# $param manage_selinux: If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly##`
	`202`	`+#`
`201`	`203`	`# === Keycloak parameters:`
`202`	`204`	`#`
`203`	`205`	`# $keycloak:: Enable Keycloak support. Note this is limited`
`@@ -207,7 +209,6 @@`
`207`	`209`	`# $keycloak_app_name:: The app name as passed to keycloak-httpd-client-install`
`208`	`210`	`#`
`209`	`211`	`# $keycloak_realm:: The realm as passed to keycloak-httpd-client-install`
`210`		`-#`
`211`	`212`	`class foreman (`
`212`	`213`	`Stdlib::HTTPUrl $foreman_url = $foreman::params::foreman_url,`
`213`	`214`	`Boolean $unattended = $foreman::params::unattended,`
`@@ -307,6 +308,7 @@`
`307`	`308`	`Boolean $keycloak = $foreman::params::keycloak,`
`308`	`309`	`String[1] $keycloak_app_name = $foreman::params::keycloak_app_name,`
`309`	`310`	`String[1] $keycloak_realm = $foreman::params::keycloak_realm,`
	`311`	`+ Boolean $manage_selinux = false,`
`310`	`312`	`) inherits foreman::params {`
`311`	`313`	`if $db_sslmode == 'UNSET' and $db_root_cert {`
`312`	`314`	`$db_sslmode_real = 'verify-full'`