From 196d20086c1908ef9e0c809fc31b72b0d9824cee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 26 Mar 2021 12:10:58 +0100
Subject: [PATCH] Some Ipsilon fixes for the new openid api extension
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipsilon/tasks/main.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 8e16297678..20d9d77e5e 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -19,7 +19,9 @@
   - ipsilon-tools-ipa
   - mod_auth_openidc
   - mod_auth_gssapi
-  - python-psycopg2
+  - python3-psycopg2
+  # For the openid api extension
+  - python3-freeipa
   # For the playbook itself
   - git
   - krb5-workstation
@@ -318,6 +320,14 @@
   tags:
   - ipsilon
 
+- name: set sebooleans so ipsilon can talk to IPA for the openid extension
+  seboolean:
+    name: httpd_can_network_connect
+    state: true
+    persistent: true
+  tags:
+  - ipsilon
+
 - name: apply selinux type to the wsgi file
   file:
     dest: /usr/libexec/ipsilon