Use older Redis cookbook, install on bitcoin-2

2021-11-16 14:11:42 -06:00
parent 18f65c4fc5
commit 4b9183d78d
59 changed files with 886 additions and 1639 deletions
--- a/cookbooks/selinux_policy/libraries/helpers.rb
+++ b/cookbooks/selinux_policy/libraries/helpers.rb
@@ -0,0 +1,108 @@
+class Chef
+  module SELinuxPolicy
+    module Helpers
+      require 'chef/mixin/shell_out'
+      include Chef::Mixin::ShellOut
+      # Checks if SELinux is disabled or otherwise unavailable and
+      # whether we're allowed to run when disabled
+      def use_selinux(allow_disabled)
+        begin
+          getenforce = shell_out!(getenforce_cmd)
+        rescue
+          selinux_disabled = true
+        else
+          selinux_disabled = getenforce.stdout =~ /disabled/i
+        end
+
+        # return false only when SELinux is disabled and it's allowed
+        return_val = !selinux_disabled || !(selinux_disabled && allow_disabled)
+        Chef::Log.warn('SELinux is disabled / unreachable, skipping') unless return_val
+        return_val
+      end
+
+      def sebool(new_resource, persist = false)
+        persist_string = persist ? '-P ' :  ''
+        new_value = new_resource.value ? 'on' : 'off'
+        execute "selinux-setbool-#{new_resource.name}-#{new_value}" do
+          command "#{setsebool_cmd} #{persist_string} #{new_resource.name} #{new_value}"
+          not_if "#{getsebool_cmd} #{new_resource.name} | grep '#{new_value}$' >/dev/null" unless new_resource.force
+          only_if { use_selinux(new_resource.allow_disabled) }
+        end
+      end
+
+      def module_defined(name)
+        "#{semodule_cmd} -l | grep -w '^#{name}'"
+      end
+
+      def shell_boolean(expression)
+        expression ? 'true' : 'false'
+      end
+
+      def port_defined(protocol, port, label = nil)
+        base_command = "seinfo --portcon=#{port} | grep 'portcon #{protocol}' | awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'"
+        grep = if label
+                 "grep -P '#{Regexp.escape(label)}'"
+               else
+                 'grep -q ^'
+               end
+        "#{base_command} | #{grep}"
+      end
+
+      def validate_port(port)
+        raise ArgumentError, "port value: #{port} is invalid." unless port.to_s =~ /^\d+$/
+      end
+
+      def fcontext_defined(file_spec, file_type, label = nil)
+        file_hash = {
+          'a' => 'all files',
+          'f' => 'regular file',
+          'd' => 'directory',
+          'c' => 'character device',
+          'b' => 'block device',
+          's' => 'socket',
+          'l' => 'symbolic link',
+          'p' => 'named pipe',
+        }
+
+        label_matcher = label ? "system_u:object_r:#{Regexp.escape(label)}:s0\\s*$" : ''
+        "#{semanage_cmd} fcontext -l | grep -qP '^#{Regexp.escape(file_spec)}\\s+#{Regexp.escape(file_hash[file_type])}\\s+#{label_matcher}'"
+      end
+
+      def semanage_options(file_type)
+        # Set options for file_type
+        if node['platform_family'].include?('rhel') && Chef::VersionConstraint.new('< 7.0').include?(node['platform_version'])
+          case file_type
+          when 'a' then '-f ""'
+          when 'f' then '-f --'
+          else; "-f -#{file_type}"
+          end
+        else
+          "-f #{file_type}"
+        end
+      end
+
+      require 'chef/mixin/which'
+      include Chef::Mixin::Which
+
+      def setsebool_cmd
+        @setsebool_cmd ||= which('setsebool')
+      end
+
+      def getsebool_cmd
+        @getsebool_cmd ||= which('getsebool')
+      end
+
+      def getenforce_cmd
+        @getenforce_cmd ||= which('getenforce')
+      end
+
+      def semanage_cmd
+        @semanage_cmd ||= which('semanage')
+      end
+
+      def semodule_cmd
+        @semodule_cmd ||= which('semodule')
+      end
+    end
+  end
+end