summaryrefslogtreecommitdiff
path: root/manifests
diff options
context:
space:
mode:
authormh <mh@immerda.ch>2012-02-12 15:43:28 +0100
committermh <mh@immerda.ch>2012-02-12 15:43:28 +0100
commit8d61ad7c8a76adf378a319245d655cf0fce18d25 (patch)
treed54fbf9bbdb80573d2086ed19a965c493b6d7ee3 /manifests
parent89495dae91ac87b7dad314d6e1c3737913865e2b (diff)
manage selinux stuff
Diffstat (limited to 'manifests')
-rw-r--r--manifests/centos.pp10
-rw-r--r--manifests/defaultdavdbdir.pp18
-rw-r--r--manifests/defaultphpdirs.pp15
-rw-r--r--manifests/init.pp6
4 files changed, 39 insertions, 10 deletions
diff --git a/manifests/centos.pp b/manifests/centos.pp
index 6bb9ed8..0c3ee45 100644
--- a/manifests/centos.pp
+++ b/manifests/centos.pp
@@ -28,6 +28,16 @@ class apache::centos inherits apache::package {
path => '/var/www/html/index.html',
}
+ if $::selinux != 'false' {
+ selinux::fcontext{
+ ['/var/www/vhosts/.+/www(/.*)?',
+ '/var/www/vhosts/.+/non_public(/.*)?',
+ '/var/www/vhosts/.+/g2data(/.*)?',
+ '/var/www/vhosts/.+/upload(/.*)?' ]:
+ setype => 'httpd_sys_rw_content_t',
+ before => File[web_dir];
+ }
+ }
file{'apache_service_config':
path => '/etc/sysconfig/httpd',
source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd",
diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp
index 186871c..c0e2a81 100644
--- a/manifests/defaultdavdbdir.pp
+++ b/manifests/defaultdavdbdir.pp
@@ -1,7 +1,17 @@
class apache::defaultdavdbdir {
- file{'/var/www/dav_db_dir':
- ensure => directory,
- require => Package['apache'],
- owner => root, group => 0, mode => 0755;
+ file {
+ '/var/www/dav_db_dir' :
+ ensure => directory,
+ require => Package['apache'],
+ owner => root,
+ group => 0,
+ mode => 0755 ;
+ }
+ if $::selinux != 'false' {
+ selinux::fcontext {
+ ['/var/www/dav_db_dir/.+(/.*)?'] :
+ setype => 'httpd_var_lib_t',
+ before => File['/var/www/dav_db_dir'] ;
+ }
}
}
diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp
index eba060a..e8b3e4e 100644
--- a/manifests/defaultphpdirs.pp
+++ b/manifests/defaultphpdirs.pp
@@ -1,12 +1,21 @@
class apache::defaultphpdirs {
- file{'/var/www/upload_tmp_dir':
+ file{
+ '/var/www/upload_tmp_dir':
ensure => directory,
require => Package['apache'],
owner => root, group => 0, mode => 0755;
- }
- file{'/var/www/session.save_path':
+ '/var/www/session.save_path':
ensure => directory,
require => Package['apache'],
owner => root, group => 0, mode => 0755;
}
+
+ if $::selinux != 'false' {
+ selinux::fcontext{
+ ['/var/www/upload_tmp_dir/.+(/.*)?',
+ '/var/www/session.save_path/.+(/.*)?']:
+ setype => 'httpd_sys_rw_content_t',
+ before => File['/var/www/upload_tmp_dir','/var/www/session.save_path'];
+ }
+ }
}
diff --git a/manifests/init.pp b/manifests/init.pp
index c6b24a8..db1a077 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -19,7 +19,7 @@
# $apache_default_group: Set this to the group with which the
# apache is running.
class apache {
- case $operatingsystem {
+ case $::operatingsystem {
centos: { include apache::centos }
gentoo: { include apache::gentoo }
debian: { include apache::debian }
@@ -27,10 +27,10 @@ class apache {
openbsd: { include apache::openbsd }
default: { include apache::base }
}
- if $use_munin {
+ if hiera('use_munin',false) {
include apache::status
}
- if $use_shorewall {
+ if hiera('use_shorewall',false) {
include shorewall::rules::http
}
}