Skip to content

Commit

Permalink
Feature: Make selboolean management optional
Browse files Browse the repository at this point in the history
  • Loading branch information
bastelfreak committed Sep 11, 2020
1 parent e3bf011 commit 6561944
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 1 deletion.
1 change: 1 addition & 0 deletions manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,7 @@
keycloak => $foreman::keycloak,
keycloak_app_name => $foreman::keycloak_app_name,
keycloak_realm => $foreman::keycloak_realm,
manage_selinux_booleans => $foreman::manage_selinux_booleans,
}

contain foreman::config::apache
Expand Down
6 changes: 5 additions & 1 deletion manifests/config/apache.pp
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,9 @@
# @param keycloak_realm
# The realm as passed to keycloak-httpd-client-install
#
# @param manage_selinux_booleans
# If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly
#
class foreman::config::apache(
Stdlib::Absolutepath $app_root = '/usr/share/foreman',
String $priority = '05',
Expand Down Expand Up @@ -131,6 +134,7 @@
Boolean $keycloak = false,
String[1] $keycloak_app_name = 'foreman-openidc',
String[1] $keycloak_realm = 'ssl-realm',
Boolean $manage_selinux_booleans = true,
) {
$docroot = "${app_root}/public"

Expand Down Expand Up @@ -222,7 +226,7 @@
],
}

if $facts['os']['selinux']['enabled'] {
if $facts['os']['selinux']['enabled'] and $manage_selinux_booleans {
selboolean { 'httpd_can_network_connect':
persistent => true,
value => 'on',
Expand Down
3 changes: 3 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,8 @@
#
# $rails_cache_store:: Set rails cache store
#
# $manage_selinux_booleans:: If true AND selinux is enabled on the node, set httpd_can_network_connect so apache works properly
#
# === Keycloak parameters:
#
# $keycloak:: Enable Keycloak support. Note this is limited
Expand Down Expand Up @@ -307,6 +309,7 @@
Boolean $keycloak = $foreman::params::keycloak,
String[1] $keycloak_app_name = $foreman::params::keycloak_app_name,
String[1] $keycloak_realm = $foreman::params::keycloak_realm,
Boolean $manage_selinux_booleans = false,
) inherits foreman::params {
if $db_sslmode == 'UNSET' and $db_root_cert {
$db_sslmode_real = 'verify-full'
Expand Down

0 comments on commit 6561944

Please sign in to comment.