From cab4dda1a29960aaaa0b78383cc3529232d89261 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Tue, 14 Jul 2015 19:18:58 +0000 Subject: [PATCH] Some selinux contexts for artboard. --- .../hosts/artboard.fedorainfracloud.org.yml | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/playbooks/hosts/artboard.fedorainfracloud.org.yml b/playbooks/hosts/artboard.fedorainfracloud.org.yml index cd58c8d701..9511fb45a6 100644 --- a/playbooks/hosts/artboard.fedorainfracloud.org.yml +++ b/playbooks/hosts/artboard.fedorainfracloud.org.yml @@ -28,8 +28,42 @@ tasks: + - name: Install common scripts + copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755 + with_fileglob: + - "{{ roles }}/base/files/common-scripts/*" + tags: + - config + - base + - artboard + + - name: set sebooleans so artboard can talk to the db + seboolean: name=httpd_can_network_connect_db state=true persistent=true + tags: + - selinux + - artboard + - name: mount up disk of persistent storage mount: name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted + - artboard + + - name: check the selinux context of the artboard dirs + command: matchpathcon "/srv/persist/artboard/(/.*)?" + register: webcontext + always_run: yes + changed_when: false + tags: + - config + - selinux + - artboard + + - name: set the SELinux policy for the artboard web dir + command: semanage fcontext -a -t httpd_sys_content_t "/srv/persist/artboard/(/.*)" + when: webcontext.stdout.find('httpd_sys_content_t') == -1 + tags: + - config + - selinux + - artboard # packages needed - name: add packages 
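Review bot: The `semanage fcontext` pattern in the last added task, `"/srv/persist/artboard/(/.*)"`, has a slash before the group and no trailing `?`, so it appears to match neither the directory itself nor any normally written path under it; the usual form is `"/srv/persist/artboard(/.*)?"`. The `matchpathcon` check above it passes the same regex-like string as though it were a path, so the `when:` guard probably never sees `httpd_sys_content_t` and `semanage fcontext -a` would be attempted on every run; checking a real path such as `/srv/persist/artboard` would make the guard meaningful. Nothing visible in this hunk runs `restorecon -R /srv/persist/artboard` after the rule is added, so files that already exist would keep their old label. Separately, the `- artboard` line added after the `mount:` task has no `tags:` key above it, which looks like a dropped `tags:` line.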
@@ -43,21 +77,31 @@ - php-gd - php-mysql - cronie-noanacron + tags: + - artboard # packages needed to be gone - name: erase packages yum: state=absent name={{ item }} with_items: - cronie-anacron + tags: + - artboard - name: artboard backup thing copy: src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755 + tags: + - artboard - name: make artboard subdir file: path=/srv/persist/artboard mode=0755 state=directory + tags: + - artboard - name: link artboard into /var/www/html file: state=link src=/srv/persist/artboard path=/var/www/html/artboard + tags: + - artboard - name: add apache confs copy: src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true @@ -65,9 +109,13 @@ - artboard.conf - redirect.conf notify: restart httpd + tags: + - artboard - name: startup apache service: name=httpd state=started + tags: + - artboard handlers: - include: "{{ handlers }}/restart_services.yml"