From 2bf2d65c4dcd17219187fd12014ae87e346199b7 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
Date: Thu, 17 Aug 2017 10:08:01 +0000
Subject: [PATCH] Allow Keepalived to read haproxy pid file

Keepalived, luckily for us, currently ship an example file of
a SELinux rule to read haproxy pid.

We could simply use this available file to compile the selinux
rules.

Change-Id: I8e6d811bca7553d82591a6c96f4316377d0d1829
Fixes-Bug: #1702123
---
 group_vars/haproxy_all.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/group_vars/haproxy_all.yml b/group_vars/haproxy_all.yml
index 5774b2ef6a..bf74ea156d 100644
--- a/group_vars/haproxy_all.yml
+++ b/group_vars/haproxy_all.yml
@@ -15,6 +15,9 @@
 
 haproxy_bind_on_non_local: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
 haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
+keepalived_selinux_compile_rules:
+  - keepalived_ping
+  - keepalived_haproxy_pid_file
 
 # Ensure that the package state matches the global setting
 haproxy_package_state: "{{ package_state }}"