Operations grimoire/RHEL

From Nasqueron Agora
Revision as of 23:35, 30 May 2023 by Dereckson

Docker engine servers use CentOS Stream (e.g. Dwellers) or Rocky (e.g. docker-002).

SELinux

Salt states targeting RHEL machines need to apply the relevant SELinux context to each directory and file they manage; otherwise the confined service is denied access to them regardless of the Unix permissions.

For example, to apply the context httpd_log_t to /var/log/www:

   {% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
   
   /var/log/www:
     file.directory:
       - user: {{ options["www_user"] }}
       - group: web
       - dir_mode: 711
   
   {% if has_selinux %}
   selinux_context_nginx_logs:
     selinux.fcontext_policy_present:
       - name: /var/log/www
       - sel_type: httpd_log_t
   
   selinux_context_nginx_logs_applied:
     selinux.fcontext_policy_applied:
       - name: /var/log/www
   {% endif %}

You'll find examples in rOPS, in the roles/paas-docker/containers/ files.

For booleans (sebool) or custom policies, you'll find examples in rOPS: roles/paas-docker/nginx/selinux.sls.
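As an added example in the same shape as the state above (not taken from rOPS), a state that toggles a boolean persistently and loads a custom policy module, both guarded by the same selinux:enabled grain. The module name nginx_local, its .pp file and the salt:// source path are assumptions.

```yaml
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}

{% if has_selinux %}
# Boolean: nginx runs confined as httpd_t, which by default may not open
# outbound connections. httpd_can_network_relay only allows connections to
# ports labelled as web ports, which is enough for a reverse proxy; prefer it
# over the much broader httpd_can_network_connect.
# persist: True writes the setting to the policy store so it survives reboots.
selinux_nginx_can_relay:
  selinux.boolean:
    - name: httpd_can_network_relay
    - value: True
    - persist: True

# Custom policy module: ship the compiled .pp (assumed path) with the state
# tree, then load it with semodule via the selinux.module_install state.
/root/selinux/nginx_local.pp:
  file.managed:
    - source: salt://roles/paas-docker/nginx/files/nginx_local.pp   # assumed
    - makedirs: True
    - mode: 600

selinux_nginx_local_module:
  selinux.module_install:
    - name: /root/selinux/nginx_local.pp
    - require:
      - file: /root/selinux/nginx_local.pp
{% endif %}
```

After a highstate, `getsebool httpd_can_network_relay` and `semodule -l | grep nginx_local` on the minion confirm both changes took effect.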