diff --git a/REFERENCE.md b/REFERENCE.md
index d3f95de8..9120611a 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -202,6 +202,7 @@ The following parameters are available in the `icinga2` class:
* [`enable`](#-icinga2--enable)
* [`manage_repos`](#-icinga2--manage_repos)
* [`manage_packages`](#-icinga2--manage_packages)
+* [`manage_selinux`](#-icinga2--manage_selinux)
* [`manage_service`](#-icinga2--manage_service)
* [`features`](#-icinga2--features)
* [`purge_features`](#-icinga2--purge_features)
@@ -243,6 +244,15 @@ If set to false packages aren't managed.
Default value: `true`
+##### `manage_selinux`
+
+Data type: `Boolean`
+
+If set to true the icinga selinux package is installed if selinux is enabled. Also requires a
+`selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true.
+
+Default value: `true`
+
##### `manage_service`
Data type: `Boolean`
diff --git a/manifests/init.pp b/manifests/init.pp
index c04a3ee8..1bdff57a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -85,6 +85,10 @@
# @param manage_packages
# If set to false packages aren't managed.
#
+# @param manage_selinux
+# If set to true the icinga selinux package is installed if selinux is enabled. Also requires a
+# `selinux_package_name` (icinga2::globals) and `manage_packages` has to be set to true.
+#
# @param manage_service
# If set to true the service is managed otherwise the service also
# isn't restarted if a config file changed.
@@ -114,6 +118,7 @@
Boolean $enable = true,
Boolean $manage_repos = false,
Boolean $manage_packages = true,
+ Boolean $manage_selinux = true,
Boolean $manage_service = true,
Boolean $purge_features = true,
Hash $constants = {},
diff --git a/manifests/install.pp b/manifests/install.pp
index 51335910..7f4cd4b2 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -9,6 +9,7 @@
$package_name = $icinga2::globals::package_name
$manage_packages = $icinga2::manage_packages
+ $manage_selinux = $icinga2::manage_selinux
$selinux_package_name = $icinga2::globals::selinux_package_name
$cert_dir = $icinga2::globals::cert_dir
$conf_dir = $icinga2::globals::conf_dir
@@ -23,7 +24,7 @@
before => File[$cert_dir, $conf_dir],
}
- if fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $selinux_package_name {
+ if $manage_selinux and fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $selinux_package_name {
package { $selinux_package_name:
ensure => installed,
require => Package[$package_name],
diff --git a/spec/classes/icinga2_spec.rb b/spec/classes/icinga2_spec.rb
index a555d2fa..8c434b27 100644
--- a/spec/classes/icinga2_spec.rb
+++ b/spec/classes/icinga2_spec.rb
@@ -43,12 +43,30 @@
it { is_expected.to contain_icinga2__feature('notification').with({ 'ensure' => 'present' }) }
end
+ if facts[:os]['family'] == 'RedHat'
+ context 'with fact os.selinux.enabled => false' do
+ let(:facts) do
+ super().merge({ os: { family: 'RedHat', selinux: { enabled: false } } })
+ end
+
+ it { is_expected.not_to contain_package('icinga2-selinux') }
+ end
+
+ context 'with manage_selinux => false' do
+ let(:params) do
+ { manage_selinux: false }
+ end
+
+ it { is_expected.not_to contain_package('icinga2-selinux') }
+ end
+ end
+
context 'with manage_packages => false' do
let(:params) do
{ manage_packages: false }
end
- it { is_expected.not_to contain_package('icinga2').with({ 'ensure' => 'installed' }) }
+ it { is_expected.not_to contain_package('icinga2') }
end
context 'with confd => false' do