Handle base images that have selinux disabled

The CentOS 6 base image has selinux set to disabled. Because of this, it
requires a stepping through permissive with a relabel during a reboot.
Unfortunately you can't have the scripts issue the reboot without
vagrant getting annoyed.

Change-Id: Ia46348162df9dc5deabf3a6d1907ca54cbd97b33
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>

diff --git a/vagrant/rackspace-convert-base/Vagrantfile b/vagrant/rackspace-convert-base/Vagrantfile
index 9581545aef9aa2beaeaa31f415e18455e372f4f9..f9da867dd723c006bdbea6dfe4809076b57932c2 100644 (file)
--- a/vagrant/rackspace-convert-base/Vagrantfile
+++ b/vagrant/rackspace-convert-base/Vagrantfile
@@ -49,13 +49,13 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     end
   end
 
-  # disable the default requiretty for sudo that Fedora and CentOS have
-  config.vm.provision 'shell', path: 'remove_requiretty.sh'
-
   # Do a full system update and force enforcing on (it's in permissive
   # by default in the rackspace base images)
   config.vm.provision 'shell', path: 'bootstrap.sh'
 
+  # disable the default requiretty for sudo that Fedora and CentOS have
+  config.vm.provision 'shell', path: 'remove_requiretty.sh'
+
   # Execute a system clean-up in prep for imaging so that this base
   # image can be used for other Rackspace Vagrant configurations
   config.vm.provision 'shell', path: 'system_reseal.sh'

diff --git a/vagrant/rackspace-convert-base/bootstrap.sh b/vagrant/rackspace-convert-base/bootstrap.sh
index 76c3d685db62da480f9c3a6452c538fd3e560f81..7590f33c917abb1cb61b1ca9b09f1909ba50d046 100644 (file)
--- a/vagrant/rackspace-convert-base/bootstrap.sh
+++ b/vagrant/rackspace-convert-base/bootstrap.sh
@@ -1,10 +1,22 @@
 #!/bin/bash
 
-# enable enforcing mode from the very start
-setenforce enforcing
+# vim: ts=4 sw=4 sts=4 et :
 
-# configure system for enforcing mode on next boot
-sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+# Handle the occurance where SELINUX is actually disabled
+if [ `grep SELINUX=permissive /etc/selinux/config` ]; then
+    # enable enforcing mode from the very start
+    setenforce enforcing
 
-yum clean all
-yum update -y
+    # configure system for enforcing mode on next boot
+    sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+else
+    sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
+    touch /.autorelabel
+
+    echo "*******************************************"
+    echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
+    echo "*******************************************"
+fi
+
+yum clean all -q
+yum update -y -q

diff --git a/vagrant/rackspace-convert-base/remove_requiretty.sh b/vagrant/rackspace-convert-base/remove_requiretty.sh
index a624cac14622f294e1f5990d2dc6891dbfb9dd5b..d6544a60a7a5ffd3446fc4c58e7c986ce30cca6c 100644 (file)
--- a/vagrant/rackspace-convert-base/remove_requiretty.sh
+++ b/vagrant/rackspace-convert-base/remove_requiretty.sh
@@ -1,2 +1,5 @@
 #!/bin/bash
-/bin/sed -i 's/requiretty/!requiretty/' /etc/sudoers;
+
+# Make sure we have the leading space so multiple runs
+# are idempotent
+/bin/sed -i 's/ requiretty/ !requiretty/' /etc/sudoers;

diff --git a/vagrant/rackspace-convert-base/system_reseal.sh b/vagrant/rackspace-convert-base/system_reseal.sh
index ba54ce2f19a883382d1a9d2ef9baf67ba77545ac..95811fa7899c6370c0042183dfba9a3048856ae7 100644 (file)
--- a/vagrant/rackspace-convert-base/system_reseal.sh
+++ b/vagrant/rackspace-convert-base/system_reseal.sh
@@ -1,5 +1,16 @@
 #!/bin/bash
 
+# vim: sw=2 ts=2 sts=2 et :
+
+if [ -f /.autorelabel ]; then
+  echo "**********************************************"
+  echo "* SYSTEM REQUIRES RELABELING SKIPPING RESEAL *"
+  echo "*     PLEASE RESTART SYSTEM AND RERUN        *"
+  echo "*           PROVISIONING SCRIPTS             *"
+  echo "**********************************************"
+  exit 1;
+fi
+
 # clean-up from any prior cloud-init networking
 rm -rf /etc/sysconfig/network-scripts/{ifcfg,route}-eth*