adding selinux changes to allow for alternate port ssh with phabricator, declaring ssh port for qadevel, qa-stg

inventory/group_vars/qa-stg

@@ -20,6 +20,7 @@ virt_install_command: /usr/bin/virt-install -n {{ inventory_hostname }} -r {{ me
                  --network=bridge=br0,model=virtio --autostart --noautoconsole
 
 sshd_config: ssh/sshd_config.qa-stg
+sshd_port: 222
 external_hostname: qadevel-stg.cloud.fedoraproject.org
 
 sslcertfile: qa-stg.qa.fedoraproject.org.cert

inventory/group_vars/qadevel

@@ -14,6 +14,9 @@ freezes: false
 
 tcp_ports: [ 80, 222, 443, "{{ buildslave_port }}", 222]
 
+sshd_port: 222
+sshd_config: ssh/sshd_config.qadevel
+
 sslcertfile: wildcard.qadevel.cloud.fedoraproject.org.crt
 sslkeyfile: wildcard.qadevel.cloud.fedoraproject.org.key
 sslintermediatecertfile: wildcard.qadevel.cloud.fedoraproject.org.intermediate.crt

roles/phabricator/tasks/main.yml

@@ -107,6 +107,14 @@
   service: name=phabricator-sshd enabled=yes state=started
   when: enable_phabricator_git
 
+- name: check to see if sshd port is already known by selinux
+  shell: semanage port -l | grep ssh
+  register: sshd_selinux_port
+
+- name: allow alternate sshd port
+  command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
+  when: sshd_selinux_port.stdout.find('{{ sshd_port }}') == -1
+
 - name: generate phabricator phd service file
   template: src=phd.service.j2 dest=/lib/systemd/system/phd.service owner=root group=root mode=0644