Merge branch 'jenkins' into 'master'

Jenkins

See merge request !4

CHANGELOG.md

@@ -8,20 +8,40 @@ Changelog of Git Changelog.
 <h2> No issue </h2>
 
 
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/73df1183c06d683">73df1183c06d683</a> Jenkins Server <i>2017-07-20 12:47:36</i>
+<p>
+<h3>recommit for updates in build 4</h3>
+
+</p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/dfeece2215322e3">dfeece2215322e3</a> Jenkins Server <i>2017-07-20 12:43:32</i>
 <p>
 <h3>recommit for updates in build 3</h3>
 
-</p>
-<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/9f8a0aef46d59dd">9f8a0aef46d59dd</a> Arne Teuke <i>2017-07-20 12:43:17</i>
-<p>
-<h3>added main config file control</h3>
-
 </p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/c7e77e4c88c5b5a">c7e77e4c88c5b5a</a> Jenkins Server <i>2017-07-20 12:08:03</i>
 <p>
 <h3>recommit for updates in build 2</h3>
 
+</p>
+
+<h2> v0.0.0.3 </h2>
+<h2> No issue </h2>
+
+
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/8b184516c46ea66">8b184516c46ea66</a> Arne Teuke <i>2017-07-20 12:47:27</i>
+<p>
+<h3>edited README</h3>
+
+</p>
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/6e8e556e2e2f7ef">6e8e556e2e2f7ef</a> Arne Teuke <i>2017-07-20 12:46:33</i>
+<p>
+<h3>changed repo dependency</h3>
+
+</p>
+<a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/9f8a0aef46d59dd">9f8a0aef46d59dd</a> Arne Teuke <i>2017-07-20 12:43:17</i>
+<p>
+<h3>added main config file control</h3>
+
 </p>
 <a href="https://gitlab.puppetsoft.com/12WW1160/git-changelog-lib/commit/8b0100d73a0a456">8b0100d73a0a456</a> Arne Teuke <i>2017-07-20 12:07:11</i>
 <p>

README.md

@@ -1,6 +1,6 @@
 |Repo Name| version | Build Status|
 |---|---|---|---|
-|`cd_selinux`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
+|`cd_selinux`| 0.0.1.0 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
 
 ### Synopsis
 [Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)
@@ -34,6 +34,9 @@
 Installation:
 * install binaries required for selinux and  related tools
 
+Configuration
+* manage /etc/sysconfig/selinux file (file system permissions, selinux context, content)
+* manage current selinux status (permissive,enforcing)
 
 
 ### Repo Structure
@@ -68,12 +71,14 @@ The following parameters are editable via params.pp or through ENC (**__recommen
 
 #### Optional Parameters
 * `sx_install_setools`    : Whether to install additional selinux tools, i.e. for troubleshooting.
-
+* `sx_selinux_status`     : Which selinux status should be configured, sets both the status in the configuration file and on commanbd line. Valid options are `enforcing` and `permissive`. Defaults to `enforcing`.
 
 ### SELINUX
 All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
 
 ### Known Problems
+* Systems configured with selinux disabled require a reboot for selinux to be enabled. This module will **__not__** do the reboot for you to avoid unexpected outages.
+
 
 ### Support
 * OS: CentOS 6, 7

doc/_index.html

@@ -127,7 +127,7 @@
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:32 2017 by
+  Generated on Thu Aug  3 13:35:48 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/file.README.html

@@ -61,7 +61,7 @@
 <p>|Repo Name| version | Build
 Status|
 |---|---|---|---|
-|<code>cd_selinux</code>| 0.0.0.3 | <a
+|<code>cd_selinux</code>| 0.0.1.0 | <a
 href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux">{Build
 Status</a>/]|</p>
 
@@ -128,6 +128,12 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_selinux/blob/master/CHANGELOG.md
 <p>Installation:
 * install binaries required for selinux and related tools</p>
 
+<p>Configuration
+* manage /etc/sysconfig/selinux file (file system
+permissions, selinux context, content)
+* manage current selinux status
+(permissive,enforcing)</p>
+
 <h3 id="label-Repo+Structure">Repo Structure</h3>
 
 <p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p>
@@ -173,6 +179,11 @@ at next puppet run. Services will be restarted where neccessary.</p>
 <ul><li>
 <p><code>sx_install_setools</code> : Whether to install additional selinux
 tools, i.e. for troubleshooting.</p>
+</li><li>
+<p><code>sx_selinux_status</code> : Which selinux status should be configured,
+sets both the status in the configuration file and on commanbd line. Valid
+options are <code>enforcing</code> and <code>permissive</code>. Defaults to
+<code>enforcing</code>.</p>
 </li></ul>
 
 <h3 id="label-SELINUX">SELINUX</h3>
@@ -181,6 +192,11 @@ tools, i.e. for troubleshooting.</p>
 selinux is disabled, these contexts are ignored.</p>
 
 <h3 id="label-Known+Problems">Known Problems</h3>
+<ul><li>
+<p>Systems configured with selinux disabled require a reboot for selinux to be
+enabled. This module will <strong>not</strong> do the reboot for you to
+avoid unexpected outages.</p>
+</li></ul>
 
 <h3 id="label-Support">Support</h3>
 <ul><li>
@@ -235,7 +251,7 @@ environments.</p>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/index.html

@@ -61,7 +61,7 @@
 <p>|Repo Name| version | Build
 Status|
 |---|---|---|---|
-|<code>cd_selinux</code>| 0.0.0.3 | <a
+|<code>cd_selinux</code>| 0.0.1.0 | <a
 href="https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux">{Build
 Status</a>/]|</p>
 
@@ -128,6 +128,12 @@ href="https://gitlab.puppetsoft.com/12WW1160/cd_selinux/blob/master/CHANGELOG.md
 <p>Installation:
 * install binaries required for selinux and related tools</p>
 
+<p>Configuration
+* manage /etc/sysconfig/selinux file (file system
+permissions, selinux context, content)
+* manage current selinux status
+(permissive,enforcing)</p>
+
 <h3 id="label-Repo+Structure">Repo Structure</h3>
 
 <p>Repostructure has moved to REPOSTRUCTURE.md in repo.</p>
@@ -173,6 +179,11 @@ at next puppet run. Services will be restarted where neccessary.</p>
 <ul><li>
 <p><code>sx_install_setools</code> : Whether to install additional selinux
 tools, i.e. for troubleshooting.</p>
+</li><li>
+<p><code>sx_selinux_status</code> : Which selinux status should be configured,
+sets both the status in the configuration file and on commanbd line. Valid
+options are <code>enforcing</code> and <code>permissive</code>. Defaults to
+<code>enforcing</code>.</p>
 </li></ul>
 
 <h3 id="label-SELINUX">SELINUX</h3>
@@ -181,6 +192,11 @@ tools, i.e. for troubleshooting.</p>
 selinux is disabled, these contexts are ignored.</p>
 
 <h3 id="label-Known+Problems">Known Problems</h3>
+<ul><li>
+<p>Systems configured with selinux disabled require a reboot for selinux to be
+enabled. This module will <strong>not</strong> do the reboot for you to
+avoid unexpected outages.</p>
+</li></ul>
 
 <h3 id="label-Support">Support</h3>
 <ul><li>
@@ -235,7 +251,7 @@ environments.</p>
 </div></div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:48 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux.html

@@ -139,7 +139,7 @@ class cd_selinux {
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux_3A_3Amain_3A_3Aconfig.html

@@ -136,7 +136,15 @@ href="http://www.gnu.org/licenses">www.gnu.org/licenses</a>/.</p>
 27
 28
 29
-30</pre>
+30
+31
+32
+33
+34
+35
+36
+37
+38</pre>
       </td>
       <td>
         <pre class="code"><span class="info file"># File 'manifests/main/config.pp', line 24</span>
@@ -147,6 +155,14 @@ class cd_selinux::main::config (
 
   include cd_selinux::main::files
 
+  if $sx_selinux_status  == &#39;enforcing&#39; {
+    exec { &#39;set_selinux_status&#39;:
+      command   =&gt;  &#39;setenforce 1&#39;,
+      path      =&gt;  [&#39;/usr/sbin&#39;,&#39;/usr/bin&#39;],
+      provider  =&gt;  shell,
+      unless    =&gt;  &#39;getenforce | grep -i &quot;enforcing&quot;&#39;
+    }
+  }
 }</pre>
       </td>
     </tr>
@@ -155,7 +171,7 @@ class cd_selinux::main::config (
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:34 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux_3A_3Amain_3A_3Adirs.html

@@ -176,7 +176,7 @@ class cd_selinux::main::dirs (
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux_3A_3Amain_3A_3Afiles.html

@@ -178,7 +178,7 @@ class cd_selinux::main::files (
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:34 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux_3A_3Amain_3A_3Ainstall.html

@@ -173,7 +173,7 @@ class cd_selinux::main::install (
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:34 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/puppet_classes/cd_selinux_3A_3Aparams.html

@@ -186,12 +186,20 @@ tools, i.e. for troubleshooting.</p>
       
         &mdash;
         <div class='inline'>
-<p>The desired selinux status. Valid values
+<p>The desired selinux status. Used for both
-are <code>enforcing</code>,
+managing the configuration file
-`<code>permissive</code>, <code>disabled</code>. Note that changing from
+as well as the command line (setenforce).
-disabled
+Valid values are
-to any othe other types requires a manual reboot to relable the
+<code>enforcing</code> and <code>permissive</code>. While the configuration
-file system.</p>
+file
+supports another option &#39;disabled&#39;, this option is not
+available on
+commandline. Note that changing the active selinux status from
+<code>disabled</code>
+to any the other types requires a manual reboot to
+re-lable the file system.
+This module does not do that for you to avoid
+unexpected outages.</p>
 </div>
       
     </li>
@@ -226,10 +234,6 @@ file system.</p>
         <pre class="lines">
 
 
-34
-35
-36
-37
 38
 39
 40
@@ -256,10 +260,14 @@ file system.</p>
 61
 62
 63
-64</pre>
+64
+65
+66
+67
+68</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 34</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 38</span>
 
 class cd_selinux::params (
 
@@ -299,7 +307,7 @@ $sx_main_file_erb   = &#39;cd_selinux/main/selinux_config.erb&#39;
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

doc/top-level-namespace.html

@@ -90,7 +90,7 @@
 </div>
 
       <div id="footer">
-  Generated on Thu Jul 20 14:47:33 2017 by
+  Generated on Thu Aug  3 13:35:49 2017 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.9 (ruby-2.0.0).
 </div>

manifests/main/config.pp

@@ -27,4 +27,12 @@ class cd_selinux::main::config (
 
   include cd_selinux::main::files
 
+  if $sx_selinux_status  == 'enforcing' {
+    exec { 'set_selinux_status':
+      command   =>  'setenforce 1',
+      path      =>  ['/usr/sbin','/usr/bin'],
+      provider  =>  shell,
+      unless    =>  'getenforce | grep -i "enforcing"'
+    }
+  }
 }

manifests/params.pp

@@ -25,9 +25,13 @@
 #   to choose, i.e. `latest` or `present`.
 # @param  [boolean] sx_install_setools Whether to install additional selinux
 #   tools, i.e. for troubleshooting.
-# @param  [string] sx_selinux_status The desired selinux status. Valid values
+# @param  [string] sx_selinux_status The desired selinux status. Used for both
-#   are `enforcing`, ``permissive`, `disabled`. Note that changing from disabled
+#   managing the configuration file as well as the command line (setenforce).
-#   to any othe other types requires a manual reboot to relable the file system.
+#   Valid values are `enforcing` and `permissive`. While the configuration file
+#   supports another  option 'disabled', this option is not available on
+#   commandline.  Note that changing the active selinux status from `disabled`
+#   to any the other types requires a manual reboot to re-lable the file system.
+#   This module does not do that for you to avoid unexpected outages.
 # @param  [string]  sx_selinux_type The desired selinux type. Valid options are
 #   `targeted`, `minimum` and `mls`.
 ##############################################################################