From 4697e670434d01464723d3f3da6608ea6d650cf2 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Tue, 7 Apr 2015 13:42:15 +0200
Subject: [PATCH 6/6] Add force mode BUG:1205691

---
 sapconf     | 33 +++++++++++++++++++--------------
 sapconf.man |  7 ++++---
 2 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/sapconf b/sapconf
index 58096fe..bad7736 100755
--- a/sapconf
+++ b/sapconf
@@ -20,10 +20,11 @@
 # requires: tuned-profiles-sap
 #
 # options:
-#   -f <file> : uses the given file instead of /etc/sysconfig/sap (FUTURE USE)
-#   -n        : just check and don't modify
-#   -q        : quiet, no output
-#   -d <dbtyp>: used to set special parameters for Sybase and Oracle
+#   -d <dbtyp>   : used to set special parameters for Sybase and Oracle, respectively (i.e. sybase|syb|oracle|ora)
+#   -f           : FORCE mode: do actions which are not required, but makes your life easier (i.e. disable firewall)
+#   -n           : CHECK_ONLY mode: no modification will be made to the system
+#   -q           : quiet execution. log file directory: /var/log/sap
+#   -h           : help message
 #
 # returncodes:
 #       0 : all works well
@@ -53,6 +53,7 @@ export LOGFILE=${LOGDIR}/${SCRIPTNAME}-$(date +"%Y%m%d%H%M").log
 
 SAP_NOTE_RHEL7="SAP Note 2002167"
 CHECK_ONLY=0
+FORCE_MODE=0
 QUIET=0
 # rec_count counts the number of lines of variable array REC[] that contains recommendations to be put at the end of the $LOGFILE
 rec_count=0
@@ -115,10 +116,11 @@ ORA_EXTRA_RPMS="@development libaio libaio-devel compat-libstdc++-33 elfutils-li
 #    1
 function usage() {
 cat << EOU
-Usage: $0 [-d <dbtype>] [-n] [-q]
+Usage: $0 [-d <dbtype>] [-f] [-n] [-q]
 
    -d <dbtyp>   : used to set special parameters for Sybase and Oracle, respectively (i.e. sybase|syb|oracle|ora)
-   -n           : CHECK_ONLY mode: check only, no modification will be made to the system
+   -f           : FORCE mode: do actions which are not required, but makes your life easier (i.e. disable firewall)
+   -n           : CHECK_ONLY mode: no modification will be made to the system
    -q           : quiet execution. log file directory: /var/log/sap
    -h           : help message
 
@@ -639,7 +639,12 @@ function check_security() {
 # SELinux needs to be permissive or disabled
 SELINUX_CONFIG=/etc/selinux/config
 if egrep -q "^SELINUX=['\"]?enforcing" $SELINUX_CONFIG; then
-        rec "SELinux is configured to be booted in enforcing mode. It's recommended to set to permissive. Please check $SAP_NOTE_RHEL7 for details."
+        if [ $FORCE_MODE == 1 ]; then
+                sed -i "s/^SELINUX=['\"]\?enforcing/SELINUX=permissive/" $SELINUX_CONFIG
+                out "Configuring SELinux to be permissive..."
+        else
+                rec "SELinux is configured to be booted in enforcing mode. It's recommended to set to permissive. Please check $SAP_NOTE_RHEL7 for details."
+        fi
 else
     if egrep -q "^SELINUX=['\"]?disabled" $SELINUX_CONFIG; then
         rec "SElinux is configured to be disabled on boot. It's recommended to be set to permissive, however your system may then require to be relabeled. Please check $SAP_NOTE_RHEL7 for details."
@@ -655,7 +657,7 @@ fi
 
 # Firewall needs to be off
 if systemctl status firewalld.service > /dev/null 2>&1 ; then
-   if [ $CHECK_ONLY == 0 ]; then
+   if [ $FORCE_MODE == 1 ]; then
       # disable firewall or open required ports
       systemctl disable firewalld.service > /dev/null 2>&1
       systemctl stop firewalld.service > /dev/null 2>&1
@@ -905,18 +907,9 @@ done
 #
 ####################################################################################
 
-while getopts "nqhf:d:" opt; do
+while getopts "c:d:fhnq" opt; do
   case $opt in
-    n)
-      CHECK_ONLY=1
-      ;;
-    q)
-      QUIET=1
-      ;;
-    h)
-      usage
-      ;;
-    f)
+    c)
       SAPCONFIG=$OPTARG
       [ ! -r $SAPCONFIG ] && error "File $SAPCONFIG does not exist" 2
       . $SAPCONFIG
@@ -924,6 +917,18 @@ while getopts "nqhf:d:" opt; do
     d)
       dbtyp=$OPTARG
         ;;
+    f)
+      FORCE_MODE=1
+      ;;
+    h)
+      usage
+      ;;
+    n)
+      CHECK_ONLY=1
+      ;;
+    q)
+      QUIET=1
+      ;;
     *)
       usage
       ;;
diff --git a/sapconf.man b/sapconf.man
index 0d49cdf..57e50fd 100644
--- a/sapconf.man
+++ b/sapconf.man
@@ -4,7 +4,7 @@
 .SH NAME
 sapconf \- prepares fresh installed RHEL for installation of SAP
 .SH SYNOPSIS
-sapconf [-d <dbtype>] [-n] [-q]
+sapconf [-d <dbtype>] [-f] [-n] [-q]
 
 .SH DESCRIPTION
 sapconf is a shell program for configuring/checking a Red Hat Enterprise Linux system according to the follwing SAP Notes:
@@ -21,9 +21,10 @@ SE Linux status will only be checked.
 
 .SH OPTIONS
 
-   -n           : CHECK_ONLY mode: check only, no modification will be made to the system
+   -d <dbtyp>   : used to set special parameters for Sybase and Oracle, respectively (i.e. sybase|syb|oracle|ora)
+   -f           : FORCE mode: do actions which are not required, but makes your life easier (i.e. disable firewall)
+   -n           : CHECK_ONLY mode: no modification will be made to the system
    -q           : quiet execution. log file directory: /var/log/sap
-   -d <dbtype>  : used to set special parameters for Sybase and Oracle, respectively (i.e. sybase|syb|oracle|ora|db2|ada)
    -h           : help message
 
 .\.SH SEE ALSO
-- 
2.1.0