Ignore SELinux labels for systemd::service_limits

The SELinux labels needs to be ignored by the systemd module or it will not be idempotent. Bump the systemd minimum version to 2.10.0 Closes: #836
voxpupuli · Aug 24, 2020 · 4d68213 · 4d68213
1 parent b05b6b2
commit 4d68213
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -230,10 +230,16 @@
   }
 
   if $facts['systemd'] { # systemd fact provided by systemd module
+    $selinux_ignore_defaults_real = $::os['family'] ? {
+      'RedHat' => true,
+      default  => false,
+    }
+
     systemd::service_limits { "${service_name}.service":
-      limits          => { 'LimitNOFILE' => $file_limit },
+      selinux_ignore_defaults => $selinux_ignore_defaults_real,
+      limits                  => { 'LimitNOFILE' => $file_limit },
       # The service will be notified when config changes
-      restart_service => false,
+      restart_service         => false,
     }
   }
 

diff --git a/metadata.json b/metadata.json
@@ -69,7 +69,7 @@
     },
     {
       "name": "camptocamp/systemd",
-      "version_requirement": ">= 2.1.0 < 3.0.0"
+      "version_requirement": ">= 2.10.0 < 3.0.0"
     }
   ],
   "tags": [

diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb
@@ -148,8 +148,15 @@
           end
 
           if facts[:systemd]
+            selinux_ignore_defaults = if facts[:os]['family'] == 'RedHat'
+              true
+            else
+              false
+            end
+
             it do
               is_expected.to contain_systemd__service_limits("#{name}.service").
+                with_selinux_ignore_defaults(selinux_ignore_defaults).
                 with_limits('LimitNOFILE' => value).
                 with_restart_service(false)
             end