Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

cleanup: remove all the duplicate tests for selinux python bindings in favor of the ones in base.

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2020-05-16 10:54:58 -07:00
parent 5432763f39
commit 4b7c31a882
9 changed files with 7 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

25
playbooks/include/proxies-websites.yml
View file

@ -11,31 +11,6 @@
handlers: handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"
pre_tasks:
- name: install libsemanage
package:
state: present
name:
- policycoreutils-python-utils
- policycoreutils-python
tags:
- httpd
- httpd/website
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')
- name: install libsemanage in a python3 manner
package:
state: present
name:
- python3-policycoreutils
- policycoreutils-python-utils
tags:
- httpd
- httpd/website
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
- name: Create /srv/web/ for all the goodies. - name: Create /srv/web/ for all the goodies.
file: > file: >
dest=/srv/web state=directory dest=/srv/web state=directory

7
roles/base/tasks/main.yml
View file

@ -5,6 +5,9 @@
# Things in here are things we want to do to every machine no matter what. # Things in here are things we want to do to every machine no matter what.
# #
#
# on rhel6 and rhel7 installing policycoreutils-python is all we need for ansible
#
- name: ensure packages required for semanage are installed (rhel 6 and 7) - name: ensure packages required for semanage are installed (rhel 6 and 7)
package: name={{ item }} state=present package: name={{ item }} state=present
with_items: with_items:
@ -13,6 +16,10 @@
- selinux - selinux
when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
#
# On fedora and rhel larger than 7, all we need is policycoreutils-python-utils,
# which in turn pulls in python3-policycoreutils
#
- name: ensure packages required for semanage are installed (fedora/rhel8) - name: ensure packages required for semanage are installed (fedora/rhel8)
package: name=policycoreutils-python-utils state=present package: name=policycoreutils-python-utils state=present
when: ansible_distribution_major_version|int > 7 when: ansible_distribution_major_version|int > 7

8
roles/collectd/memcached/tasks/main.yml
View file

@ -8,14 +8,6 @@
- memcached - memcached
notify: restart collectd notify: restart collectd
- name: Ensure that semanage is present
package: name=policycoreutils-python state=present
tags:
- collectd/memcached
- collectd
- memcached
- selinux
- name: lastly, set some selinux booleans - name: lastly, set some selinux booleans
seboolean: name=collectd_tcp_network_connect persistent=yes state=yes seboolean: name=collectd_tcp_network_connect persistent=yes state=yes
tags: tags:

2
roles/download/tasks/main.yml
View file

@ -3,10 +3,8 @@
package: name={{ item }} state=present update_cache=yes package: name={{ item }} state=present update_cache=yes
with_items: with_items:
- bzip2 - bzip2
- libsemanage-python
- mod_ssl - mod_ssl
- nfs-utils - nfs-utils
- policycoreutils-python
tags: tags:
- packages - packages

9
roles/fedmsg/base/tasks/main.yml
View file

@ -42,15 +42,6 @@
- fedmsg/base - fedmsg/base
when: ansible_distribution_major_version|int < 31 and ansible_distribution == 'Fedora' when: ansible_distribution_major_version|int < 31 and ansible_distribution == 'Fedora'
- name: install needed packages
dnf:
name: ['policycoreutils-python-utils']
state: present
tags:
- packages
- fedmsg/base
when: ansible_distribution_major_version|int > 22
# We only need this on el6. On el7, the fedmsg package uses systemd-tempfiles # We only need this on el6. On el7, the fedmsg package uses systemd-tempfiles
# to generate this effect for us. Note that at the bottom of this role we add # to generate this effect for us. Note that at the bottom of this role we add
# the nrpe user to the fedmsg group so that it has *write* permissions to a unix # the nrpe user to the fedmsg group so that it has *write* permissions to a unix

6
roles/mailman/tasks/main.yml
View file

@ -7,12 +7,6 @@
# SELinux # SELinux
# TODO: switch to the sefcontext module when we update Ansible to 2.2+ # TODO: switch to the sefcontext module when we update Ansible to 2.2+
# #
- name: install semanage
package: name=policycoreutils-python state=present
tags:
- mailman
- selinux
- name: set the SELinux policy for the configuration directory - name: set the SELinux policy for the configuration directory
command: semanage fcontext -a -t etc_t "{{ mailman_webui_confdir }}(/.*)?" command: semanage fcontext -a -t etc_t "{{ mailman_webui_confdir }}(/.*)?"
tags: tags:

1
roles/pagure/fedmsg/tasks/main.yml
View file

@ -8,7 +8,6 @@
- fedmsg - fedmsg
- libsemanage-python - libsemanage-python
- python-psutil - python-psutil
- policycoreutils-python # This is in the kickstart now. Here for old hosts.
tags: tags:
- packages - packages
- pagure - pagure

1
roles/torrent/tasks/main.yml
View file

@ -11,7 +11,6 @@
- mktorrent - mktorrent
- python-simplejson - python-simplejson
- bittorrent - bittorrent
- policycoreutils-python
tags: tags:
- packages - packages

1
roles/unbound/tasks/main.yml
View file

@ -2,7 +2,6 @@
package: name={{ item }} state=present package: name={{ item }} state=present
with_items: with_items:
- unbound - unbound
- policycoreutils-python
- name: install unbound config - name: install unbound config
copy: src=unbound.conf dest=/etc/unbound/unbound.conf mode=644 copy: src=unbound.conf dest=/etc/unbound/unbound.conf mode=644