Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

openqa/worker: create custom SELinux module directory first

Browse source 
Whoops. Also order these things a bit better.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2021-12-14 15:54:38 -08:00
parent edc4caa833
commit 2320eef5ee
1 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
roles/openqa/server/tasks/main.yml
View file

@ -288,9 +288,11 @@
- openqa-websockets - openqa-websockets
- openqa-gru - openqa-gru
# we used to set this as a bigger hammer to let httpd connect to openQA - name: Create somewhere to stick our custom SELinux module
- name: Unset httpd_can_network_connect SELinux boolean file:
seboolean: name=httpd_can_network_connect state=no persistent=yes path: /usr/local/share/selinux
state: directory
mode: '0755'
- name: Copy over custom SELinux module allowing httpd to connect to openQA - name: Copy over custom SELinux module allowing httpd to connect to openQA
copy: src=httpd-openqa.pp dest=/usr/local/share/selinux/httpd-openqa.pp owner=root group=root mode=0644 copy: src=httpd-openqa.pp dest=/usr/local/share/selinux/httpd-openqa.pp owner=root group=root mode=0644
@ -300,6 +302,10 @@
command: semodule -i /usr/local/share/selinux/httpd-openqa.pp command: semodule -i /usr/local/share/selinux/httpd-openqa.pp
when: selinux_module is changed when: selinux_module is changed
# we used to set this as a bigger hammer to let httpd connect to openQA
- name: Unset httpd_can_network_connect SELinux boolean
seboolean: name=httpd_can_network_connect state=no persistent=yes
- name: Allow Apache to read from NFS (as we store test data files there now) - name: Allow Apache to read from NFS (as we store test data files there now)
seboolean: name=httpd_use_nfs state=yes persistent=yes seboolean: name=httpd_use_nfs state=yes persistent=yes