Allow Keepalived to read haproxy pid file

Keepalived, luckily for us, currently ship an example file of a SELinux rule to read haproxy pid. We could simply use this available file to compile the selinux rules. Change-Id: I8e6d811bca7553d82591a6c96f4316377d0d1829 Fixes-Bug: #1702123
2017-08-17 10:08:01 +00:00 · 2017-08-17 10:08:01 +00:00 · 2bf2d65c4d
commit 2bf2d65c4d
parent b7a0dedbf5
1 changed files with 3 additions and 0 deletions
--- a/group_vars/haproxy_all.yml
+++ b/group_vars/haproxy_all.yml
@ -15,6 +15,9 @@

 haproxy_bind_on_non_local: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
 haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
+keepalived_selinux_compile_rules:
+  - keepalived_ping
+  - keepalived_haproxy_pid_file

 # Ensure that the package state matches the global setting
 haproxy_package_state: "{{ package_state }}"