voxpupuli / puppet-puppetboard

Puppet module to install and manage puppetboard
https://forge.puppet.com/puppet/puppetboard
Apache License 2.0

Add proper SELinux context and setup appropriate booleans #405

Open d1nuc0m opened 5 months ago

d1nuc0m commented 5 months ago

Pull Request (PR) description

This should fix the issues with SELinux and allow usage in enforcing mode. It works, but as I am not an SELinux expert, the permissions for the puppetboard and venv files should be reviewed to check whether something is missing or whether the permissions should be more restrictive.

Another issue is the best practice for the certificate path in single-node mode: with SELinux in enforcing mode, Puppetboard can't read files with the context puppet_etc_t (and it should be like this). In my environment I fixed it with this snippet:

# Copy the Puppet CA cert, the host cert and the host private key out of
# /etc/puppetlabs/puppet/ssl (labelled puppet_etc_t) into /etc/pki/tls,
# whose default SELinux label httpd is allowed to read.
file {
  default:
    require => Class['puppet'],
    notify  => Service['httpd'],
    ;
  '/etc/pki/tls/certs/puppet_server_ca.pem':
    mode   => '0644',
    source => 'file:///etc/puppetlabs/puppet/ssl/certs/ca.pem',
    ;
  '/etc/pki/tls/certs/puppet_server_cert.pem':
    mode   => '0644',
    source => "file:///etc/puppetlabs/puppet/ssl/certs/${networking['fqdn']}.pem",
    ;
  # Private key: readable only by the user the Puppetboard WSGI app runs as
  '/etc/pki/tls/private/puppet_server_key.pem':
    owner  => 'puppetboard',
    mode   => '0400',
    source => "file:///etc/puppetlabs/puppet/ssl/private_keys/${networking['fqdn']}.pem",
    ;
}

But it is probably not the best solution, so where should the certificates go? /etc/puppetboard/ssl?

This Pull Request (PR) fixes the following issues

Fixes #336
Fixes #365
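The following manifest is an added example answering the "where should the certificates go?" question above; it is not code from the PR or from the puppet-puppetboard module. It assumes the voxpupuli puppet/selinux module (its selinux::fcontext and selinux::boolean defined types), that Puppetboard runs under Apache (Service['httpd']) as the puppetboard user, and a hypothetical /etc/puppetboard/ssl directory. The point it shows is that the files must be copied out of the puppet_etc_t-labelled tree into a location labelled cert_t, and that setting seltype explicitly keeps the copies readable even where the default file contexts do not cover the chosen path. The boolean name is an assumption: the PR does not list which booleans it sets.

```puppet
# Added example (not part of the PR). Assumes puppet/selinux, httpd as the
# WSGI host and a 'puppetboard' service user; /etc/puppetboard/ssl is a
# hypothetical location chosen for the example.

$puppet_ssl = '/etc/puppetlabs/puppet/ssl'   # labelled puppet_etc_t; httpd must not read here
$board_ssl  = '/etc/puppetboard/ssl'         # assumed location for the copies
$fqdn       = $facts['networking']['fqdn']

# Register a persistent file context for the new directory so that a later
# restorecon does not relabel the copies back to something httpd cannot read.
selinux::fcontext { 'puppetboard-ssl':
  pathspec => "${board_ssl}(/.*)?",
  seltype  => 'cert_t',
}

file { $board_ssl:
  ensure  => directory,
  owner   => 'root',
  group   => 'puppetboard',
  mode    => '0750',
  seltype => 'cert_t',
  require => Selinux::Fcontext['puppetboard-ssl'],
}

file {
  default:
    ensure  => file,
    owner   => 'root',          # root owns the copies so the service user cannot overwrite them
    group   => 'puppetboard',
    seltype => 'cert_t',        # explicit label; does not rely on the default fcontext for the path
    require => [Class['puppet'], File[$board_ssl]],
    notify  => Service['httpd'],
    ;
  "${board_ssl}/ca.pem":
    mode   => '0644',
    source => "file://${puppet_ssl}/certs/ca.pem",
    ;
  "${board_ssl}/cert.pem":
    mode   => '0644',
    source => "file://${puppet_ssl}/certs/${fqdn}.pem",
    ;
  "${board_ssl}/key.pem":
    mode   => '0440',           # group-readable for puppetboard only, never world-readable
    source => "file://${puppet_ssl}/private_keys/${fqdn}.pem",
    ;
}

# Assumed boolean: needed when the Puppetboard process inside httpd has to
# open a network connection to PuppetDB. The PR does not name its booleans.
selinux::boolean { 'httpd_can_network_connect':
  ensure => 'on',
}
```

After applying this, a quick check on the host is `ls -Z /etc/puppetboard/ssl` (every entry should carry cert_t) and `ausearch -m AVC -ts recent` while loading a Puppetboard page, which should stay empty in enforcing mode. Keeping the key owned by root with group access is a deliberate choice over the 0400/puppetboard-owned variant: the service user can read the key but cannot replace it.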

d1nuc0m commented 4 months ago

Checks fail because CI can't find the PostgreSQL 11 packages in the repositories and the PuppetDB install fails; this is due to puppetlabs/puppetlabs-puppetdb#379 and puppetlabs/puppetlabs-puppetdb#396, because the failed checks installed puppetlabs-puppetdb v7.14.0.

d1nuc0m commented 4 months ago

#388 allowed the python 7.x module; this uses a more recent stdlib, so using the latest puppetdb module should be possible.

bastelfreak commented 4 months ago

@d1nuc0m please rebase against our latest master branch to get rid of the python version commit.

d1nuc0m commented 3 months ago

Done, with a bit of tinkering, as I also needed to edit metadata.json to add the SELinux module.

Regarding tests (IRC), what could/should I add?

@bastelfreak