Some selinux contexts for artboard.

2015-07-14 19:18:58 +00:00 · 2015-07-14 19:18:58 +00:00 · cab4dda1a2
commit cab4dda1a2
parent 1710fea8b8
1 changed files with 48 additions and 0 deletions
--- a/playbooks/hosts/artboard.fedorainfracloud.org.yml
+++ b/playbooks/hosts/artboard.fedorainfracloud.org.yml
@ -28,8 +28,42 @@

  tasks:

+  - name: Install common scripts
+    copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
+    with_fileglob:
+    - "{{ roles }}/base/files/common-scripts/*"
+    tags:
+    - config
+    - base
+    - artboard
+
+  - name: set sebooleans so artboard can talk to the db
+    seboolean: name=httpd_can_network_connect_db state=true persistent=true
+    tags:
+    - selinux
+    - artboard
+
  - name: mount up disk of persistent storage
    mount: name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
+    - artboard
+
+  - name: check the selinux context of the artboard dirs
+    command: matchpathcon "/srv/persist/artboard/(/.*)?"
+    register: webcontext
+    always_run: yes
+    changed_when: false
+    tags:
+    - config
+    - selinux
+    - artboard
+
+  - name: set the SELinux policy for the artboard web dir
+    command: semanage fcontext -a -t httpd_sys_content_t "/srv/persist/artboard/(/.*)"
+    when: webcontext.stdout.find('httpd_sys_content_t') == -1
+    tags:
+    - config
+    - selinux
+    - artboard

  # packages needed
  - name: add packages
@ -43,21 +77,31 @@
    - php-gd
    - php-mysql
    - cronie-noanacron
+    tags:
+    - artboard

  # packages needed to be gone
  - name: erase packages
    yum: state=absent name={{ item }}
    with_items:
    - cronie-anacron
+    tags:
+    - artboard

  - name: artboard backup thing
    copy: src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
+    tags:
+    - artboard

  - name: make artboard subdir 
    file: path=/srv/persist/artboard mode=0755 state=directory
+    tags:
+    - artboard

  - name: link artboard into /var/www/html
    file: state=link src=/srv/persist/artboard path=/var/www/html/artboard
+    tags:
+    - artboard

  - name: add apache confs
    copy: src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"  backup=true
@ -65,9 +109,13 @@
    - artboard.conf
    - redirect.conf
    notify: restart httpd
+    tags:
+    - artboard
    
  - name: startup apache
    service: name=httpd state=started
+    tags:
+    - artboard

  handlers:
  - include: "{{ handlers }}/restart_services.yml"