puppet-system
selinux configuration broken
system::sysconfig::selinux
Changing the state breaks the symbolic link to /etc/selinux/config which stops selinux being correctly configured.
This looks remarkably like https://projects.puppetlabs.com/issues/11988 but that's just over 2 years old now so I can't imagine we're being hit by this now.
Note that the symlink is from /etc/selinux/config to /etc/sysconfig/selinux.
I can confirm that it still happens in version 0.7.4. While the functional changes to the file are executed by the augeas-provider, which can handle softlinks, a header "# Managed by puppet" is inserted using the posix-provider.
This is done from the manifest at system/manifests/sysconfig/header.pp :
    define system::sysconfig::header (
      $schedule = undef,
    ) {
      $file = $title
      exec { "sysconfig-${file}-empty":
        command  => "/bin/echo > /etc/sysconfig/${file}",
        unless   => "/usr/bin/test -s /etc/sysconfig/${file}",
        schedule => $schedule,
      }
      exec { "sysconfig-${file}-header":
        command  => "/bin/sed -i '1i# Managed by puppet' /etc/sysconfig/${file}",
        unless   => "/bin/grep -w '^# Managed by puppet' /etc/sysconfig/${file}",
        require  => Exec["sysconfig-${file}-empty"],
        schedule => $schedule,
      }
    }
It is that silly "sed" command which nukes the symlink. The solution is simple : use the "--follow-symlinks" option on the command. That option is not available for all sed-implementations, but since issue #13 and #14 suggest that this module is knowingly limited to the RedHat-family, there is no reason not to include it.
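The behaviour described in the comment above, reproduced in a throwaway directory as an added example (not code from the module or from anyone in this thread). The sandbox layout and the function names are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: constructed sandbox, not the module's code. Assumes GNU sed.
HEADER_CMD='1i# Managed by puppet'

# Build a throwaway tree (constructed layout): selinux/config is the real
# file, sysconfig/selinux is a symlink to it, i.e. the path that the
# manifest edits is the link.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/selinux" "$root/sysconfig"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$root/selinux/config"
    ln -s ../selinux/config "$root/sysconfig/selinux"
    echo "$root"
}

# The command as header.pp runs it: GNU sed -i writes a temporary file and
# renames it over the given path, so the link is replaced by a regular file.
insert_header_plain() {
    sed -i "$HEADER_CMD" "$1"
}

# The proposed fix: resolve the link and edit its target in place.
insert_header_follow() {
    sed -i --follow-symlinks "$HEADER_CMD" "$1"
}

# Report whether a path is still a symlink.
link_state() {
    if [ -L "$1" ]; then echo symlink; else echo regular; fi
}

# Run one variant in a fresh sandbox and print
# "<state of sysconfig/selinux> <header present in selinux/config: yes|no>".
demo() {
    root=$(make_sandbox) || return 1
    "$1" "$root/sysconfig/selinux"
    if grep -q '^# Managed by puppet' "$root/selinux/config"; then
        hdr=yes
    else
        hdr=no
    fi
    echo "$(link_state "$root/sysconfig/selinux") $hdr"
    rm -rf "$root"
}

demo insert_header_plain    # regular no
demo insert_header_follow   # symlink yes
```

After the plain variant the two paths are independent files, so later edits made through one path no longer reach the other; `link_state` is the kind of check that can be run against a managed host to spot this.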
Hi, based on a discussion in https://groups.io/g/voxpupuli/message/449 we decided to archive this repository. I'm going to close all issues and PRs. If you're interested in maintaining the module, please respond to our mailing list.