Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sap_hana_install: Add support for fapolicyd #727

Merged
merged 28 commits into from
Jun 14, 2024
Merged

sap_hana_install: Add support for fapolicyd #727

merged 28 commits into from
Jun 14, 2024

Commits on Mar 1, 2024

  1. sap_hana_install: Support fapolicyd 

    Also use role parameters for /hana and /hana/shared where possible.

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 1, 2024
    Configuration menu
    Copy the full SHA
    01b3d0a View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: Use "hana" instead of "_hana" 

    ... for the name of the fapolicyd trusted files file.

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 1, 2024
    Configuration menu
    Copy the full SHA
    8c32eb4 View commit details
    Browse the repository at this point in the history

Commits on Mar 4, 2024

  1. sap_hana_install: Ensure fapolicyd is present... 

    ... if fapolicyd is to be used.
Also replace yes by true and no by false in defaults/main.yml.

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    1f88415 View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - fix ansible-lint 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    e7dba36 View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2024

  1. sap_hana_install: Improve the pattern for identifying executables 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    aac67af View commit details
    Browse the repository at this point in the history

Commits on Mar 11, 2024

  1. sap_hana_install: fix wrong comment 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 11, 2024
    Configuration menu
    Copy the full SHA
    dccde01 View commit details
    Browse the repository at this point in the history

Commits on Mar 21, 2024

  1. sap_hana_install: fapolicyd - further improvements 

    - Add all files with mime type pattern '/x-'
- Support more than one directory which contains executable files
- Use a separate fapolicyd trust file for each directory

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 21, 2024
    Configuration menu
    Copy the full SHA
    6ff52d2 View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - necessary changes to defaults/main.yml 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 21, 2024
    Configuration menu
    Copy the full SHA
    1c0e382 View commit details
    Browse the repository at this point in the history

Commits on Mar 22, 2024

  1. sap_hana_install: fapolicyd - further improvements 

    - add support for setting the fapolicyd integrity levels
  default: sha256
- use /hana/shared and /usr/sap for the directories to be scanned
- rename parameter sap_hana_install_directories_with_executables to
  sap_hana_install_fapolicyd_trusted_directories
- reduce line lengths in some cases

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    936f1ee View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - use /hana and /usr/sap 

    ... for the paths to be searched for executables, so the paths are
identical to those used to set the file contexts for SELinux

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    adfc634 View commit details
    Browse the repository at this point in the history

  3. sap_hana_install: fapolicyd - modify task name 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    b94e9cc View commit details
    Browse the repository at this point in the history

  4. sap_hana_install: fapolicyd - add marker to fapolicyd config file 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    73cb99d View commit details
    Browse the repository at this point in the history

  5. sap_hana_install: fapolicyd - simplify marker addition 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    8a508c2 View commit details
    Browse the repository at this point in the history

  6. sap_hana_install: fapolicyd - add --check-config 

    ...after modifying the fapolicyd config file

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    adc3e9b View commit details
    Browse the repository at this point in the history

  7. sap_hana_install: fapolicyd - add config validation 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 22, 2024
    Configuration menu
    Copy the full SHA
    a0464c1 View commit details
    Browse the repository at this point in the history

Commits on Mar 23, 2024

  1. sap_hana_install: fapolicyd - validate argument for fapolicyd integrity 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 23, 2024
    Configuration menu
    Copy the full SHA
    10ecc6f View commit details
    Browse the repository at this point in the history

Commits on Mar 25, 2024

  1. sap_hana_install: fapolicyd - also protect shellscripts 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 25, 2024
    Configuration menu
    Copy the full SHA
    109799c View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - modify comment for rules file 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 25, 2024
    Configuration menu
    Copy the full SHA
    b996b88 View commit details
    Browse the repository at this point in the history

  3. sap_hana_install: fapolicyd - add Ansible marker to rules file 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 25, 2024
    Configuration menu
    Copy the full SHA
    7891bbf View commit details
    Browse the repository at this point in the history

  4. sap_hana_install: fapolicyd - add condition for processing template 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 25, 2024
    Configuration menu
    Copy the full SHA
    05445d8 View commit details
    Browse the repository at this point in the history

Commits on Mar 26, 2024

  1. sap_hana_install: fapolicyd - add tag sap_hana_install_use_fapolicyd 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    7337d3f View commit details
    Browse the repository at this point in the history

Commits on Mar 27, 2024

  1. sap_hana_install: fapolicyd - reorder modificaitons 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 27, 2024
    Configuration menu
    Copy the full SHA
    cd3ab78 View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - implement just one rule 

    ... for multiple directories

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 27, 2024
    Configuration menu
    Copy the full SHA
    8ed8244 View commit details
    Browse the repository at this point in the history

  3. sap_hana_install: fapolicyd - ansible-lint cleanup 

    ... and some further tweaking

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Mar 27, 2024
    Configuration menu
    Copy the full SHA
    3f9fc3a View commit details
    Browse the repository at this point in the history

Commits on Jun 7, 2024

  1. sap_hana_install: fapolicyd - fix wrong true/false in comments in def… 

    …aults/main.yml

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    d0bf4ab View commit details
    Browse the repository at this point in the history

  2. sap_hana_install: fapolicyd - fix wrong false + false entry in comment 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    14cd546 View commit details
    Browse the repository at this point in the history

  3. sap_hana_install: fapolicyd - Remove superfluous and wrong comment 

    Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Jun 7, 2024
    Configuration menu
    Copy the full SHA
    46e6003 View commit details
    Browse the repository at this point in the history

Commits on Jun 11, 2024

  1. sap_hana_install: fapolicyd - rename variables 

    - We use sap_hana_install_shared_path in favor of sap_hana_install_install_path
- If present (e.g. in playbooks or inventories), we use the first directory component
  of sap_hana_install_install_path for sap_hana_install_root_path and we assign
  sap_hana_install_install_path to sap_hana_install_shared_path.

Examples:
If sap_hana_install_install_path is defined as '/hana_01/shared', the following variables
will be set:

sap_hana_install_root_path.: '/hana_01'
sap_hana_install_shared_path: '/hana_01/shared'

If sap_hana_install_install_path is not defined, the following variables will be set:

sap_hana_install_root_path.: '/hana'
sap_hana_install_shared_path: '/hana/shared'

Signed-off-by: Bernd Finger <[email protected]>
    @berndfinger
    berndfinger committed Jun 11, 2024
    Configuration menu
    Copy the full SHA
    08fc76b View commit details
    Browse the repository at this point in the history