From 464b49ae0ed3a78d1cdd7fa64fbc13c2eed4c9cf Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 8 Jul 2015 22:25:46 +0000
Subject: [PATCH] Bring fixes from prod back to ansible

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/people/files/people.conf |  6 +-----
 roles/people/files/planet.conf | 20 +++++++++++---------
 roles/people/tasks/main.yml    | 16 ++++++++++++++++
 3 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/roles/people/files/people.conf b/roles/people/files/people.conf
index 0d88832be8..2abcdef437 100644
--- a/roles/people/files/people.conf
+++ b/roles/people/files/people.conf
@@ -12,11 +12,7 @@ NameVirtualHost *:80
   RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
 </VirtualHost>
 
-# This is particularly ugly - these have to be updated if the box moves.
-NameVirtualHost 152.19.134.196:443
-NameVirtualHost [2610:28:3090:3001:5054:ff:feff:683f]:443
-
-<VirtualHost 152.19.134.196:443 [2610:28:3090:3001:5054:ff:feff:683f]:443>
+<VirtualHost *:443>
   ##
   # Domain: people.fedoraproject.org fedorapeople.org
   # Owner: admin@fedoraproject.org
diff --git a/roles/people/files/planet.conf b/roles/people/files/planet.conf
index 5aeaeb89c5..2444ff9d9e 100644
--- a/roles/people/files/planet.conf
+++ b/roles/people/files/planet.conf
@@ -15,6 +15,11 @@
     UserDir disable
     AddCharset UTF-8 .xml
 
+    <Location />
+        Require all granted
+        Options FollowSymLinks
+    </Location>
+
     <Location /images/>
         ExpiresActive On
         ExpiresDefault "access plus 5 days"
@@ -25,16 +30,12 @@
         ExpiresDefault "access plus 5 days"
     </Location>
 
-    <Directory "/srv/planet/site/">
-      Options Indexes FollowSymLinks
-    </Directory>
-
     RedirectMatch 301 /favicon\.ico$ http://fedoraproject.org/static/images/favicon.ico
     Redirect /ldc http://fedoraldc.wordpress.com/feed/
     Alias /justfedora /srv/planet/site/edited
 
 </VirtualHost>
-<VirtualHost 152.19.134.196:443 [2610:28:3090:3001:5054:ff:feff:683f]:443>
+<VirtualHost *:443>
     ##
     # Domain: planet.fedoraproject.org
     # Owner: admin@fedoraproject.org
@@ -59,6 +60,11 @@
     UserDir disable
     AddCharset UTF-8 .xml
 
+    <Location />
+        Require all granted
+        Options FollowSymLinks
+    </Location>
+
     <Location /images/>
         ExpiresActive On
         ExpiresDefault "access plus 5 days"
@@ -69,10 +75,6 @@
         ExpiresDefault "access plus 5 days"
     </Location>
 
-    <Directory "/srv/planet/site/">
-      Options Indexes FollowSymLinks
-    </Directory>
-
     RedirectMatch 301 /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico
     Redirect /ldc http://fedoraldc.wordpress.com/feed/
     Alias /justfedora /srv/planet/site/edited
diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index c8e0be40bb..40a14cacdf 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -74,6 +74,22 @@
   - config
   - selinux
 
+- name: check the selinux context of the planet dir
+  command: matchpathcon "/srv/planet(/.*)?"
+  register: gitcontext
+  always_run: yes
+  changed_when: false
+  tags:
+  - config
+  - selinux
+
+- name: set the SELinux policy for the planet dir
+  command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?"
+  when: gitcontext.stdout.find('httpd_sys_content_t') == -1
+  tags:
+  - config
+  - selinux
+
 #
 # This sets the default, it's safe to always run. 
 # Default quota for users is 2gb