kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Set up Redis using the latest version of redisio

Browse Source 
This replaces the deprecated redis cookbook. Compiles the latest version
of Redis, currently 7.0.11

Refs #488
This commit is contained in:
Greg Karékinian
2023-06-19 16:02:58 +02:00
parent b164d7a444
commit 6116729907
119 changed files with 2568 additions and 7343 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cookbooks/selinux/libraries/boolean.rb Normal file
View File

@@ -0,0 +1,17 @@
module SELinux
module Cookbook
module BooleanHelpers
def selinux_bool(bool)
if ['on', 'true', '1', true, 1].include?(bool)
'on'
elsif ['off', 'false', '0', false, 0].include?(bool)
'off'
else
raise ArgumentError, "selinux_bool: Invalid selinux boolean value #{bool}"
end
end
module_function :selinux_bool
end
end
end

33
cookbooks/selinux/libraries/install.rb Normal file
View File

@@ -0,0 +1,33 @@
module SELinux
module Cookbook
module InstallHelpers
def default_install_packages
case node['platform_family']
when 'rhel'
case node['platform_version'].to_i
when 6
%w(make policycoreutils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 7
%w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
else
%w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
end
when 'amazon'
%w(make policycoreutils policycoreutils-python selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 'fedora'
%w(make policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-targeted selinux-policy-devel libselinux-utils setools-console)
when 'debian'
if node['platform'] == 'ubuntu'
if node['platform_version'].to_f == 18.04
%w(make policycoreutils selinux selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
else
%w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
end
else
%w(make policycoreutils selinux-basics selinux-policy-default selinux-policy-dev auditd setools)
end
end
end
end
end
end

60
cookbooks/selinux/libraries/state.rb Normal file
View File

@@ -0,0 +1,60 @@
module SELinux
module Cookbook
module StateHelpers
def selinux_disabled?
selinux_state.eql?(:disabled)
end
def selinux_enforcing?
selinux_state.eql?(:enforcing)
end
def selinux_permissive?
selinux_state.eql?(:permissive)
end
def state_change_reboot_required?
(selinux_disabled? && %i(enforcing permissive).include?(action)) ||
((selinux_enforcing? || selinux_permissive?) && action == :disabled) ||
(selinux_activate_required? && %i(enforcing permissive).include?(action))
end
def selinux_state
state = shell_out!('getenforce').stdout.strip.downcase.to_sym
raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state)
state
end
def selinux_activate_required?
return false unless platform_family?('debian')
sestatus = shell_out!('sestatus -v').stdout.strip
# Ensure we're booted up to a system which has selinux activated and filesystem is properly labeled
if File.read('/proc/cmdline').match?('security=selinux') && sestatus.match?(%r{/usr/sbin/sshd.*sshd_exec_t})
false
else
true
end
end
def selinux_activate_cmd
# selinux-activate is semi-broken on Ubuntu 18.04 however this method does work
if platform?('ubuntu') && node['platform_version'] == '18.04'
'touch /.autorelabel'
else
'/usr/sbin/selinux-activate'
end
end
def default_policy_platform
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
'targeted'
when 'debian'
'default'
end
end
end
end
end