I realise I've b0rked the syntax. I meant this:
class common {
class { selinux: mode => enforcing }
...
...
}
node server1 {
include common
}
node server2 {
include common
class { selinux: mode => permissive }
}
I'm trying to achieve that all servers have SELinux in enforcing by
default, unless explicitly specified otherwise. Is this possible?
Thanks,
Jonathan
On 06/01/12 09:38, Jonathan Gazeley wrote:
I manage quite a few CentOS 6 servers with puppet, and I want to start
using puppet-selinux[1] to enable/disable it.
My "common" node class, inherited by all servers, should say that all
servers run SELinux in enforcing mode. But on one or two servers I want
to run in permissive mode for various reasons.
Am I right in thinking that doing the following will cause a conflict,
as selinux is applied twice? Is there a better way of achieving this?
class common {
include selinux(enforcing)
...
...
}
node server1 {
include common
}
node server2 {
include common
include selinux(permissive)
}
Thanks,
Jonathan
[1] https://github.com/jfryman/puppet-selinux
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
