puppet-openstack-integration/fixtures/scenario004.pp
Alfredo Moralejo 0f00dde757 Disable selinux defaults enforcement in File/Concat resources
Last selinux-policy in CentOS Stream adds patch for [1] which modifies
default context for symlinks under /etc/httpd. That's breaking
idempotency for files created with File/Concat resources under that directory
because of [2].

This patch is disabling default selinux context enforcement for all
File/Concat resources until we have a fix for [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1900650
[2] https://tickets.puppetlabs.com/browse/PUP-7559

Change-Id: Ic92889cc480c316df9454186ffadf3a77fd8ed26
2021-01-11 13:20:53 +01:00

96 lines
2.9 KiB
Puppet

#
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
$ssl = false
} else {
$ssl = true
}
if $::osfamily == 'RedHat' {
# (amoralej) - disable selinux defaults until
# https://tickets.puppetlabs.com/browse/PUP-7559 is fixed
Concat { selinux_ignore_defaults => true }
File { selinux_ignore_defaults => true }
}
if $::operatingsystem == 'Ubuntu' {
$ipv6 = false
# Watcher packages are not available in Ubuntu repository.
$watcher_enabled = false
# TODO(tobias-urdin): No service plugin 'BGPVPN'
$bgpvpn_enabled = false
# TODO(tobias-urdin): Plugin 'networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin' not found.
$l2gw_enabled = false
# FIXME(ykarel) Disable bgp_dragent until Ubuntu python3 stein(with stein packages) jobs are ready
$bgp_dragent_enabled = false
} else {
$ipv6 = true
$watcher_enabled = true
$bgpvpn_enabled = true
$l2gw_enabled = true
$bgp_dragent_enabled = true
}
include openstack_integration
class { 'openstack_integration::config':
ssl => $ssl,
ipv6 => $ipv6,
}
if $ssl {
include openstack_integration::cacert
}
include openstack_integration::apache
include openstack_integration::memcached
include openstack_integration::rabbitmq
include openstack_integration::mysql
include openstack_integration::keystone
class { 'openstack_integration::glance':
backend => 'swift',
}
class { 'openstack_integration::neutron':
bgpvpn_enabled => $bgpvpn_enabled,
l2gw_enabled => $l2gw_enabled,
bgp_dragent_enabled => $bgp_dragent_enabled,
}
include openstack_integration::placement
class { 'openstack_integration::nova':
libvirt_rbd => true,
}
class { 'openstack_integration::ceph':
deploy_rgw => true,
swift_dropin => true,
}
if $watcher_enabled {
include openstack_integration::watcher
}
include openstack_integration::provision
# Don't test swift, radosgw won't pass the current tests
# Glance, nova, neutron are true by default.
class { 'openstack_integration::tempest':
watcher => $watcher_enabled,
bgpvpn => $bgpvpn_enabled,
l2gw => $l2gw_enabled,
l2gw_switch => 'cell08-5930-01::FortyGigE1/0/1|100',
dr => $bgp_dragent_enabled,
}