From 7bae9777c4c3912adf6f977a7b842e1154a5adf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Thu, 14 Nov 2013 00:33:09 +0000
Subject: [PATCH] mailman: fix SELinux context issues
And run the post-update script in a yum-post-transaction action.
---
 roles/mailman/files/post-update.sh | 3 +
 roles/mailman/tasks/main.yml | 66 ++++++++++++++-----
 .../templates/post-transaction.action.j2 | 6 ++
 3 files changed, 58 insertions(+), 17 deletions(-)
 create mode 100644 roles/mailman/templates/post-transaction.action.j2
diff --git a/roles/mailman/files/post-update.sh b/roles/mailman/files/post-update.sh
index ed1a742b7f..74dbd6dbd1 100755
--- a/roles/mailman/files/post-update.sh
+++ b/roles/mailman/files/post-update.sh
@@ -8,6 +8,7 @@ export PATH=$PATH:$(dirname $(realpath $0)) # make yamlget available
 BASEDIR=`yamlget basedir $CONFFILE`
 CONFDIR=`yamlget confdir $CONFFILE`
+INDEXDIR=$BASEDIR/kittystore_search_index
 django-admin collectstatic --clear --noinput --pythonpath $CONFDIR --settings settings
 django-admin assets build --parse-templates --pythonpath $CONFDIR --settings settings
@@ -15,6 +16,8 @@ django-admin syncdb --pythonpath $CONFDIR --settings settings_admin
 django-admin migrate hyperkitty --pythonpath $CONFDIR --settings settings_admin
 django-admin loaddata /etc/postorius/sites/default/initial-user.json --pythonpath $CONFDIR --settings settings_admin
 kittystore-updatedb --pythonpath $CONFDIR --settings settings_admin
+chown mailman:mailman -R $INDEXDIR
+chmod g+w -R $INDEXDIR
 # Give database rights to the non-admin user
 $BASEDIR/bin/pg-give-rights.py
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index bfb87431a4..f8d4887e19 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
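Review bot: `INDEXDIR=$BASEDIR/kittystore_search_index` in the first post-update.sh hunk is built without checking that `yamlget` returned anything, and the second hunk passes it unquoted to `chown -R` and `chmod -R` in a script that the new yum action runs as root. If `BASEDIR` comes back empty the path collapses to `/kittystore_search_index`, and a basedir containing whitespace would split into several arguments. I would write `INDEXDIR="${BASEDIR:?}/kittystore_search_index"` and then `chown -R mailman:mailman -- "$INDEXDIR"` and `chmod -R g+w -- "$INDEXDIR"`. The opening lines of the script are outside both hunks, so whether `set -e` or a similar guard is already active cannot be seen here.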
@@ -2,6 +2,35 @@ # Configuration for Mailman 3 # PostgreSQL initialization must have been done already + +# +# SELinux +# +- name: install semanage + yum: pkg=policycoreutils-python state=installed + +- name: set the SELinux policy for the configuration directory + command: semanage fcontext -a -t etc_t "${mailman_webui_confdir}(/.*)?" + +- name: set the SELinux policy for the fulltext index + command: semanage fcontext -a -t httpd_sys_content_t "${mailman_webui_basedir}/kittystore_search_index(/.*)?" + +- name: set the SELinux policy for the static files directory + command: semanage fcontext -a -t httpd_sys_content_t "${mailman_webui_basedir}/static(/.*)?" + +- name: set the SELinux policy for the log directory + command: semanage fcontext -a -t httpd_log_t "/var/log/hyperkitty(/.*)?" + +- name: allow Apache to remotely connect to PostgreSQL + seboolean: name=httpd_can_network_connect_db state=yes persistent=yes + +- name: set the SELinux policy to allow postfix to access the mailman aliases + command: semanage fcontext -a -t etc_aliases_t "/var/lib/mailman3?/data/postfix_.*" + + +# +# Packages +# - name: install needed packages yum: pkg=$item state=installed with_items: @@ -13,11 +42,13 @@ - postorius - yum-plugin-post-transaction-actions - mailman3-fedmsg-plugin - - policycoreutils-python # for semanage tags: - packages + +# # Initialize mailman (must be done after settings up the DBs) +# - name: add mailman to the apache group user: name=mailman groups=apache append=yes tags: @@ -32,9 +63,10 @@ notify: - restart mailman3 + +# # Logging -- name: set the SELinux policy for the log directory - command: semanage fcontext -a -t httpd_log_t "/var/log/hyperkitty(/.*)?" +# - name: hyperkitty logging -- directory file: path=/var/log/hyperkitty state=directory owner=root group=apache mode=2775 
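Review bot: The `semanage fcontext -a` tasks in the new SELinux block only record labelling rules, and nothing visible in this patch runs `restorecon`, so paths that already exist keep their current types until a relabel. This matters most for the `/var/lib/mailman3?/data/postfix_.*` rule, because the files written by the `mailman3 aliases` task in the last main.yml hunk will presumably take their type from the parent directory at creation rather than from the rule (confirm on a target host). I would add a follow-up task such as `command: restorecon -R ${mailman_webui_basedir} ${mailman_webui_confdir} /var/log/hyperkitty` after the directories are created, and the equivalent for the alias files after they are generated. Separately, `semanage fcontext -a` normally exits non-zero when the rule is already defined, so a second playbook run is likely to stop at the first of these tasks unless the command is guarded.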
@@ -48,16 +80,11 @@ copy: src=hyperkitty.logrotate.conf dest=/etc/logrotate.d/hyperkitty + # # HyperKitty + Postorius setup # -- name: set the SELinux policy for the configuration directory - command: semanage fcontext -a -t etc_t "${mailman_webui_confdir}(/.*)?" - -- name: allow Apache to remotely connect to PostgreSQL - seboolean: name=httpd_can_network_connect_db state=yes persistent=yes - - name: create the configuration directory file: path=${mailman_webui_confdir} state=directory @@ -129,7 +156,9 @@ state=directory owner=root group=root mode=0755 +# # Plug HyperKitty into Mailman +# - name: copy the mailman-hyperkitty conffile template: src=mailman-hyperkitty.cfg.j2 dest=${mailman_webui_confdir}/mailman-hyperkitty.cfg @@ -147,7 +176,9 @@ - restart mailman3 +# # Scripts +# - name: install the migration conffile template: src=mailman-migration.conf.j2 dest=/etc/mailman-migration.conf @@ -176,15 +207,13 @@ dest=/etc/postorius/sites/default/initial-user.json owner=root group=apache mode=0640 -# Sync databases -# FIXME the db migrations should happen no matter when the pkgs are updated -# so really this should be run once -# and then stored in a yum-post-transaction-action on the system(s) -# so no matter when it is run the right thing happens -# -#- name: run the post-update script -# command: ${mailman_webui_basedir}/bin/post-update.sh +# Sync databases +- name: install the post-transaction trigger + template: src=post-transaction.action.j2 + dest=/etc/yum/post-actions/hyperkitty.action +- name: run the post-update script + command: ${mailman_webui_basedir}/bin/post-update.sh # Postfix @@ -192,3 +221,6 @@ copy: src=postfix-main.cf dest=/etc/postfix/main.cf notify: - restart postfix + +- name: create the postfix aliases + command: mailman3 aliases diff --git a/roles/mailman/templates/post-transaction.action.j2 b/roles/mailman/templates/post-transaction.action.j2 new file mode 100644 index 0000000000..c2e124bb79 --- /dev/null 
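Review bot: The `install the post-transaction trigger` task in the `@@ -176,15 +207,13 @@` hunk writes `/etc/yum/post-actions/hyperkitty.action` without `owner`, `group` or `mode`, although that file decides which command yum runs as root after a transaction. I would pin it explicitly as the neighbouring tasks do, with `owner=root group=root mode=0644`. The `run the post-update script` task below it has no `creates=` guard or handler, so `post-update.sh` (collectstatic, syncdb, migrate, loaddata) runs on every playbook run. If that is intended, a comment saying so would help the next reader; otherwise trigger it through `notify`.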
+++ b/roles/mailman/templates/post-transaction.action.j2
@@ -0,0 +1,6 @@
+# Run the post-update script
+
+hyperkitty:install:{{ mailman_webui_basedir }}/bin/post-update.sh
+hyperkitty:update:{{ mailman_webui_basedir }}/bin/post-update.sh
+kittystore:install:{{ mailman_webui_basedir }}/bin/post-update.sh
+kittystore:update:{{ mailman_webui_basedir }}/bin/post-update.sh
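Review bot: All four action lines make yum execute `{{ mailman_webui_basedir }}/bin/post-update.sh` as root, so the template should state that the script and every directory above it must be writable by root only. The role puts `mailman` in the `apache` group and post-update.sh makes the search index under the same basedir group-writable, so the ownership of `bin/` is worth recording. The task that installs `post-update.sh` is outside the visible hunks, so its owner and mode cannot be checked from here. I would extend the header comment to something like `# Runs as root from yum; bin/post-update.sh and its parent directories must be root-owned and not group-writable`.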