Add fedmsg/base tag to fedmsg/base/role.
This commit is contained in:
Ralph Bean
parent
e5e922297a
commit
658ae04e13
1 changed files with 19 additions and 0 deletions
|
|
@ -11,6 +11,7 @@
|
||||||
- policycoreutils-python # This is in the kickstart now. Here for old hosts.
|
- policycoreutils-python # This is in the kickstart now. Here for old hosts.
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
# We use setgid here so that the monitoring sockets created by fedmsg services
|
# We use setgid here so that the monitoring sockets created by fedmsg services
|
||||||
# are accessible to the nrpe group.
|
# are accessible to the nrpe group.
|
||||||
|
|
@ -21,11 +22,14 @@
|
||||||
owner=fedmsg
|
owner=fedmsg
|
||||||
group=nrpe
|
group=nrpe
|
||||||
state=directory
|
state=directory
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: setup /etc/fedmsg.d directory
|
- name: setup /etc/fedmsg.d directory
|
||||||
file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory
|
file: path=/etc/fedmsg.d owner=root group=root mode=0755 state=directory
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
# Any files that change need to restart any services that depend on them. A
|
# Any files that change need to restart any services that depend on them. A
|
||||||
# trick here is that some hosts have an httpd that uses fedmsg, while others do
|
# trick here is that some hosts have an httpd that uses fedmsg, while others do
|
||||||
|
|
@ -63,6 +67,7 @@
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- fedmsgdconfig
|
- fedmsgdconfig
|
||||||
|
- fedmsg/base
|
||||||
notify:
|
notify:
|
||||||
- restart httpd
|
- restart httpd
|
||||||
- restart fedmsg-gateway
|
- restart fedmsg-gateway
|
||||||
|
|
@ -74,6 +79,7 @@
|
||||||
file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory
|
file: path=/etc/pki/fedmsg owner=root group=root mode=0755 state=directory
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: install fedmsg ca.cert
|
- name: install fedmsg ca.cert
|
||||||
copy: >
|
copy: >
|
||||||
|
|
@ -84,6 +90,7 @@
|
||||||
mode=0644
|
mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: fedmsg certs
|
- name: fedmsg certs
|
||||||
copy: >
|
copy: >
|
||||||
|
|
@ -97,6 +104,7 @@
|
||||||
when: fedmsg_certs != []
|
when: fedmsg_certs != []
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: fedmsg keys
|
- name: fedmsg keys
|
||||||
copy: >
|
copy: >
|
||||||
|
|
@ -110,18 +118,25 @@
|
||||||
when: fedmsg_certs != []
|
when: fedmsg_certs != []
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
# Three tasks for handling our custom selinux module
|
# Three tasks for handling our custom selinux module
|
||||||
- name: ensure a directory exists for our custom selinux module
|
- name: ensure a directory exists for our custom selinux module
|
||||||
file: dest=/usr/local/share/fedmsg state=directory
|
file: dest=/usr/local/share/fedmsg state=directory
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: copy over our custom selinux module
|
- name: copy over our custom selinux module
|
||||||
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
|
copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
|
||||||
register: selinux_module
|
register: selinux_module
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: install our custom selinux module
|
- name: install our custom selinux module
|
||||||
command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
|
command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
|
||||||
when: selinux_module|changed
|
when: selinux_module|changed
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
# Also, label the ports that we commonly use for fedmsg under mod_wsgi
|
# Also, label the ports that we commonly use for fedmsg under mod_wsgi
|
||||||
# to be http_port_t so selinux lets apache bind there.
|
# to be http_port_t so selinux lets apache bind there.
|
||||||
|
|
@ -130,7 +145,11 @@
|
||||||
register: semanageoutput
|
register: semanageoutput
|
||||||
always_run: yes
|
always_run: yes
|
||||||
changed_when: "1 != 1"
|
changed_when: "1 != 1"
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
||||||
- name: set ports so httpd can bind to fedmsg endpoints
|
- name: set ports so httpd can bind to fedmsg endpoints
|
||||||
command: semanage port -a -t http_port_t -p tcp 3000-3100
|
command: semanage port -a -t http_port_t -p tcp 3000-3100
|
||||||
when: semanageoutput.stdout.find("3000-3100") == -1
|
when: semanageoutput.stdout.find("3000-3100") == -1
|
||||||
|
tags:
|
||||||
|
- fedmsg/base
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue