Some selinux contexts for artboard.
This commit is contained in:
Kevin Fenzi
parent
1710fea8b8
commit
cab4dda1a2
1 changed files with 48 additions and 0 deletions
|
|
@ -28,8 +28,42 @@
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
|
- name: Install common scripts
|
||||||
|
copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
|
||||||
|
with_fileglob:
|
||||||
|
- "{{ roles }}/base/files/common-scripts/*"
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- base
|
||||||
|
- artboard
|
||||||
|
|
||||||
|
- name: set sebooleans so artboard can talk to the db
|
||||||
|
seboolean: name=httpd_can_network_connect_db state=true persistent=true
|
||||||
|
tags:
|
||||||
|
- selinux
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: mount up disk of persistent storage
|
- name: mount up disk of persistent storage
|
||||||
mount: name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
|
mount: name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
|
||||||
|
- artboard
|
||||||
|
|
||||||
|
- name: check the selinux context of the artboard dirs
|
||||||
|
command: matchpathcon "/srv/persist/artboard/(/.*)?"
|
||||||
|
register: webcontext
|
||||||
|
always_run: yes
|
||||||
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- selinux
|
||||||
|
- artboard
|
||||||
|
|
||||||
|
- name: set the SELinux policy for the artboard web dir
|
||||||
|
command: semanage fcontext -a -t httpd_sys_content_t "/srv/persist/artboard/(/.*)"
|
||||||
|
when: webcontext.stdout.find('httpd_sys_content_t') == -1
|
||||||
|
tags:
|
||||||
|
- config
|
||||||
|
- selinux
|
||||||
|
- artboard
|
||||||
|
|
||||||
# packages needed
|
# packages needed
|
||||||
- name: add packages
|
- name: add packages
|
||||||
|
|
@ -43,21 +77,31 @@
|
||||||
- php-gd
|
- php-gd
|
||||||
- php-mysql
|
- php-mysql
|
||||||
- cronie-noanacron
|
- cronie-noanacron
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
# packages needed to be gone
|
# packages needed to be gone
|
||||||
- name: erase packages
|
- name: erase packages
|
||||||
yum: state=absent name={{ item }}
|
yum: state=absent name={{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
- cronie-anacron
|
- cronie-anacron
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: artboard backup thing
|
- name: artboard backup thing
|
||||||
copy: src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
|
copy: src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: make artboard subdir
|
- name: make artboard subdir
|
||||||
file: path=/srv/persist/artboard mode=0755 state=directory
|
file: path=/srv/persist/artboard mode=0755 state=directory
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: link artboard into /var/www/html
|
- name: link artboard into /var/www/html
|
||||||
file: state=link src=/srv/persist/artboard path=/var/www/html/artboard
|
file: state=link src=/srv/persist/artboard path=/var/www/html/artboard
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: add apache confs
|
- name: add apache confs
|
||||||
copy: src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true
|
copy: src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}" backup=true
|
||||||
|
|
@ -65,9 +109,13 @@
|
||||||
- artboard.conf
|
- artboard.conf
|
||||||
- redirect.conf
|
- redirect.conf
|
||||||
notify: restart httpd
|
notify: restart httpd
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
- name: startup apache
|
- name: startup apache
|
||||||
service: name=httpd state=started
|
service: name=httpd state=started
|
||||||
|
tags:
|
||||||
|
- artboard
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
- include: "{{ handlers }}/restart_services.yml"
|
- include: "{{ handlers }}/restart_services.yml"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue