Commit 51d881f7 by Bach Dániel

random fixes

parent 13d50a60
......@@ -38,6 +38,7 @@ incron:
{% endif %}
service:
- reload: true
- enable: true
- running
- watch:
- file: /etc/incron.d/agentdriver
......@@ -75,6 +75,7 @@ portal:
- watch:
- file: manager_postactivate
- file: portal.conf
- sls: manager.gitrepo
memcached:
service:
......
......@@ -17,6 +17,20 @@ circlecert:
- cwd: /etc/ssl/certs/
- creates: /etc/ssl/certs/circle.pem
{% if grains['os_family'] == 'RedHat' %}
nginx_selinux:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
selinux.boolean:
- name: httpd_can_network_connect
- value: True
- persist: True
- require:
- pkg: nginx_selinux
{% endif %}
nginxdefault:
file.managed:
{% if grains['os_family'] == 'RedHat' %}
......
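Review bot: The `nginx_selinux` state turns on `httpd_can_network_connect` persistently with no comment saying which connection needs it, and that boolean lets every process in the httpd domain open outbound TCP connections to any port, not just the one nginx proxies to. A narrower boolean such as `httpd_can_network_relay`, possibly combined with labelling the backend port, may be enough; that needs checking against the actual denial, since the proxy configuration is not visible here. At minimum add a comment above `selinux.boolean:` such as `# nginx must reach the portal backend (TODO confirm); this allows httpd_t to connect to any port`.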
......@@ -3,7 +3,7 @@ postgresql_initdb:
cmd.run:
- cwd: /
- user: root
- name: service postgresql initdb
- name: postgresql-setup initdb
- unless: test -f /var/lib/pgsql/data/postgresql.conf
- env:
LC_ALL: C.UTF-8
......
rabbitmq-server:
pkg.installed:
- name: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
file.managed:
- name: /etc/rabbitmq/rabbitmq-env.conf
- contents: RABBITMQ_DIST_PORT=5671
{% endif %}
service.running:
- enable: True
- require:
- pkg: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
- file: rabbitmq-server
{% endif %}
rabbitmq_user:
rabbitmq_user.present:
- name: {{ pillar['amqp']['user'] }}
- password: {{ pillar['amqp']['password'] }}
- require:
- service: rabbitmq-server
virtual_host:
rabbitmq_vhost.present:
......@@ -18,3 +28,5 @@ virtual_host:
- conf: .*
- write: .*
- read: .*
- require:
- service: rabbitmq-server
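Review bot: `RABBITMQ_DIST_PORT=5671` is written into `/etc/rabbitmq/rabbitmq-env.conf` on RedHat without a comment, and 5671 is the port RabbitMQ conventionally uses for AMQP over TLS, so a TLS listener enabled later would collide with the Erlang distribution port. The distribution port is protected only by the Erlang cookie, so it should stay unreachable from outside the host or cluster; no firewall state is visible in this section. Please record the reason for the value (presumably an SELinux port-label workaround) in a comment above `file.managed:`, for example `# RedHat: default dist port is denied by SELinux, reuse an amqp-labelled port (TODO confirm)`. Note also that `contents:` makes Salt own the whole file, so settings added there by hand are overwritten.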
polkit.addRule(function(action, subject) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
var now = new Date();
polkit.log("now=" + now)
if ((action.id == "org.libvirt.unix.manage" || action.id == "org.libvirt.unix.monitor") && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
return null;
});
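Review bot: The three `polkit.log(...)` calls and the unused `now` sit outside the `if`, so they run for every polkit authorization request on the host, not only libvirt ones, which floods the journal and records subject details for unrelated actions. Drop them or keep a single log line inside the branch, e.g. `polkit.log("libvirt access granted to " + subject.user);`. The rule also returns `polkit.Result.YES` for `org.libvirt.unix.manage` to every member of `wheel`; if only the vmdriver service account needs it, matching a dedicated group or `subject.user` would be narrower. `polkit.log("now=" + now)` is also missing its semicolon.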
module vmdriver 1.0;
require {
type virt_var_lib_t;
type svirt_tcg_t;
class sock_file { create unlink };
class dir { write remove_name add_name };
}
#============= svirt_tcg_t ==============
allow svirt_tcg_t virt_var_lib_t:dir { write remove_name add_name };
allow svirt_tcg_t virt_var_lib_t:sock_file { create unlink };
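Review bot: The module carries no comment saying which denial it answers, and the two `allow` rules cover every directory and socket labelled `virt_var_lib_t` for the whole `svirt_tcg_t` domain. Add a header comment naming the path and operation that was denied (the file reads like audit2allow output, so the original AVC message is the natural reference), for example `# TCG guests create their socket under <PATH - TODO confirm>`. If the sockets live in one directory, a dedicated file type for that directory would be tighter than widening access to `virt_var_lib_t`.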
......@@ -26,6 +26,40 @@ libvirt-bin:
file.symlink:
- target: /usr/libexec/qemu-kvm
/etc/polkit-1/rules.d/10.virt.rules:
file.managed:
- source: salt://vmdriver/files/10.virt.rules
- template: jinja
- mode: 644
polkit:
service:
- running
- watch:
- file: /etc/polkit-1/rules.d/10.virt.rules
/root/vmdriver.te:
file.managed:
- source: salt://vmdriver/files/vmdriver.te
- template: jinja
- mode: 644
selinux_pkgs:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
vmdriver_semodule:
cmd.run:
- cwd: /root
- user: root
- name: checkmodule -M -m -o vmdriver.mod vmdriver.te; semodule_package -o vmdriver.pp -m vmdriver.mod; semodule -i vmdriver.pp
- unless: semodule -l |grep -qs ^vmdriver
- require:
- file: /root/vmdriver.te
- pkg: selinux_pkgs
{% else %}
/etc/apparmor.d/libvirt/TEMPLATE:
......
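Review bot: The `vmdriver_semodule` command joins its three steps with `;`, so a failed `checkmodule` or `semodule_package` still runs `semodule -i` (possibly against a stale `vmdriver.pp`) and the state result reflects only the last command. Chain with `&&` instead: `- name: checkmodule -M -m -o vmdriver.mod vmdriver.te && semodule_package -o vmdriver.pp -m vmdriver.mod && semodule -i vmdriver.pp`. The `unless: semodule -l |grep -qs ^vmdriver` guard also means a later edit to `vmdriver.te` is never reloaded, and the pattern matches any module whose name merely starts with `vmdriver`; an `onchanges` requisite on `file: /root/vmdriver.te` in place of `unless` would rebuild on change. Both managed files use `template: jinja` although neither shows template syntax, so that option could be dropped. The enclosing `{% if %}` block starts outside this hunk and continues past `{% else %}`.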