Comments (4)
You shouldn't be modifying the params.pp, that's the point of the class being parameterized. If you want to set different values per-host, either you need to have the logic in your Puppet code that determines the value and then pass that for the parameter, you need to include the selinux class separately per host (or per group of hosts with the same settings), or you need to inject the data via Hiera or an ENC.
from puppet-selinux.
Because of #64 we had to do something to get around the unintended default behavior.
We have a baseclass.pp that we use on all our servers; this can be further divided into logical server groups. But however we divide things into logical groups, there will be exceptions to the rule of having SELinux enabled by default. How can one override the default setting?
What I am looking for is an override option. We would like to have a default (global or per group of servers) that ensures that SELinux is in enforcing mode. There are always exceptions to such rules, whether we like it or not. How can we override the default to set SELinux in permissive mode on a per-host basis?
from puppet-selinux.
You'd do something like this:

```puppet
class baseclass ($selinux_mode = 'enforcing') {
  class { 'selinux':
    mode => $selinux_mode,
  }
}
```

Then you can set `selinux_mode` either by modifying where you include `baseclass`, using Hiera automatic data bindings, or using an ENC.
You could also do something like create a fact for whether you want SELinux or not or manually use the `hiera()` function to get a value, but those aren't really best-practice for this use case.
from puppet-selinux.
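The Hiera automatic data binding option from the comment above, written out as an added example; it is not from the thread or from the puppet-selinux module. It assumes a Hiera 5 layout, and the file paths and the hostname `legacy-app01.example.com` are constructed for illustration.

```yaml
# --- hiera.yaml (environment layer; assumed layout) ---
---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  # Key the per-node level on the certificate name from the node's
  # verified certificate, not on a fact the agent reports about itself,
  # so a host cannot pick which override file applies to it.
  - name: "Per-node overrides"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Fleet-wide defaults"
    path: "common.yaml"

# --- data/common.yaml ---
# Default for every node that declares baseclass with `include baseclass`.
---
baseclass::selinux_mode: 'enforcing'

# --- data/nodes/legacy-app01.example.com.yaml (constructed hostname) ---
# The documented exception: this one host runs permissive.
---
baseclass::selinux_mode: 'permissive'
```

Because every exception lives in its own file under `data/nodes/`, listing that directory in version control shows exactly which hosts are not in enforcing mode.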
Oh, the other option is since #67 fixed the module to not manage the SELinux mode when you don't explicitly set it, you can manually set it on every node and not specify it with the module, but that's just decreasing what you manage, which really isn't a solution.
from puppet-selinux.