Set up Redis using the latest version of redisio

This replaces the deprecated redis cookbook. Compiles the latest version of Redis, currently 7.0.11 Refs #488
2023-06-19 16:02:58 +02:00
parent b164d7a444
commit 6116729907
119 changed files with 2568 additions and 7343 deletions
--- a/cookbooks/selinux/resources/port.rb
+++ b/cookbooks/selinux/resources/port.rb
@@ -0,0 +1,98 @@
+#
+# Cookbook:: selinux
+# Resource:: port
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+unified_mode true
+
+property :port, [Integer, String],
+          name_property: true,
+          regex: /^\d+$/,
+          description: 'Port to modify'
+
+property :protocol, String,
+          equal_to: %w(tcp udp),
+          required: %i(manage add modify),
+          description: 'Protocol to modify'
+
+property :secontext, String,
+          required: %i(manage add modify),
+          description: 'SELinux context to assign to the port'
+
+action_class do
+  include ::SELinux::Cookbook::StateHelpers
+
+  def current_port_context
+    # use awk to see if the given port is within a reported port range
+    shell_out!(
+      <<~CMD
+        seinfo --portcon=#{new_resource.port} | grep 'portcon #{new_resource.protocol}' | \
+        awk -F: '$(NF-1) !~ /reserved_port_t$/ && $(NF-3) !~ /[0-9]*-[0-9]*/ {print $(NF-1)}'
+      CMD
+    ).stdout.split
+  end
+end
+
+action :manage do
+  run_action(:add)
+  run_action(:modify)
+end
+
+action :addormodify do
+  Chef::Log.warn('The :addormodify action for selinux_port is deprecated and will be removed in a future release. Use the :manage action instead.')
+  run_action(:manage)
+end
+
+# Create if doesn't exist, do not touch if port is already registered (even under different type)
+action :add do
+  if selinux_disabled?
+    Chef::Log.warn("Unable to add SELinux port #{new_resource.name} as SELinux is disabled")
+    return
+  end
+
+  if current_port_context.empty?
+    converge_by "Adding context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
+      shell_out!("semanage port -a -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
+    end
+  end
+end
+
+# Only modify port if it exists & doesn't have the correct context already
+action :modify do
+  if selinux_disabled?
+    Chef::Log.warn("Unable to modify SELinux port #{new_resource.name} as SELinux is disabled")
+    return
+  end
+
+  if !current_port_context.empty? && !current_port_context.include?(new_resource.secontext)
+    converge_by "Modifying context #{new_resource.secontext} to port #{new_resource.port}/#{new_resource.protocol}" do
+      shell_out!("semanage port -m -t '#{new_resource.secontext}' -p #{new_resource.protocol} #{new_resource.port}")
+    end
+  end
+end
+
+# Delete if exists
+action :delete do
+  if selinux_disabled?
+    Chef::Log.warn("Unable to delete SELinux port #{new_resource.name} as SELinux is disabled")
+    return
+  end
+
+  unless current_port_context.empty?
+    converge_by "Deleting context from port #{new_resource.port}/#{new_resource.protocol}" do
+      shell_out!("semanage port -d -p #{new_resource.protocol} #{new_resource.port}")
+    end
+  end
+end