right now nothing in configure requires selinux to be permissive
before running, and thus selinux could still be enforcing, preventing
the aeolus seed data from being created.
if any other components require selinux to be permissive, we should
create policy exceptions for those operations and remove the selinux
permissive bits
---
recipes/aeolus_recipe/manifests/conductor.pp | 2 +-
recipes/apache/manifests/init.pp | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/recipes/aeolus_recipe/manifests/conductor.pp
b/recipes/aeolus_recipe/manifests/conductor.pp
index cd2934a..86c1210 100644
--- a/recipes/aeolus_recipe/manifests/conductor.pp
+++ b/recipes/aeolus_recipe/manifests/conductor.pp
@@ -265,7 +265,7 @@ define aeolus::conductor::login($user,$password){
-d commit=submit \
-c /tmp/aeolus-${user}.cookie",
onlyif => "/usr/bin/test ! -f /tmp/aeolus-${user}.cookie ||
\"\" == \"`curl -X GET
http://localhost/conductor -b
/tmp/aeolus-${user}.cookie -i --silent | grep 'HTTP/1.1 200'`\"",
- require => Service['aeolus-conductor']}
+ require => Service['aeolus-conductor', 'httpd']}
}
define aeolus::conductor::logout($user){
diff --git a/recipes/apache/manifests/init.pp b/recipes/apache/manifests/init.pp
index 80d8980..79f15f9 100644
--- a/recipes/apache/manifests/init.pp
+++ b/recipes/apache/manifests/init.pp
@@ -9,12 +9,17 @@ class apache {
package { "mod_ssl": ensure => installed }
}
+ # if selinux is enabled and we want to use mod_proxy, we need todo this
+ exec{'permit-http-networking':
+ command => '/usr/sbin/setsebool httpd_can_network_connect 1',
+ logoutput => true }
+
service { "httpd":
ensure => running,
- require => Package["httpd"],
+ require => [Package["httpd"], Exec['permit-http-networking']],
hasrestart => true,
hasstatus => true,
- enable => true,
+ enable => true
}
exec { "reload-apache":
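Review bot: The new `permit-http-networking` exec has no `onlyif`/`unless` guard, so it runs on every Puppet run, and on a host where SELinux is disabled `setsebool` will presumably fail and, through the added `require`, keep `httpd` from being managed. The setting is also not persistent: without `-P` the boolean reverts at reboot, while `enable => true` starts httpd at boot before Puppet has run again. Consider Puppet's native type, `selboolean { 'httpd_can_network_connect': value => on, persistent => true }`, or at least `command => '/usr/sbin/setsebool -P httpd_can_network_connect 1'` together with `onlyif => '/usr/sbin/selinuxenabled'`. The comment above the exec should also record that this boolean lets httpd open outbound network connections in general, not only to the conductor backend, so the widened policy is visible to whoever later audits it. The `apache` class body continues outside the hunk.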
--
1.7.2.3