tweaking phabricator role so that the selinux tweaks for alternate ssh port can be run separately
This commit is contained in:
parent
c7806395a1
commit
dc43c2aacf
1 changed files with 14 additions and 0 deletions
|
|
@ -41,6 +41,11 @@
|
||||||
- libphutil
|
- libphutil
|
||||||
- arcanist
|
- arcanist
|
||||||
- phabricator
|
- phabricator
|
||||||
|
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
|
||||||
|
|
||||||
|
- name: ensure packages required to make selinux changes for phabricator are installed
|
||||||
|
dnf: name={{ item }} state=present enablerepo={{ extra_enablerepos }}
|
||||||
|
with_items:
|
||||||
- libsemanage-python
|
- libsemanage-python
|
||||||
- libselinux-python
|
- libselinux-python
|
||||||
- policycoreutils-python
|
- policycoreutils-python
|
||||||
|
|
@ -152,10 +157,19 @@
|
||||||
register: sshd_selinux_port
|
register: sshd_selinux_port
|
||||||
check_mode: no
|
check_mode: no
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
tags:
|
||||||
|
- sshd_config
|
||||||
|
- config
|
||||||
|
- sshd
|
||||||
|
|
||||||
|
|
||||||
- name: allow alternate sshd port
|
- name: allow alternate sshd port
|
||||||
command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
|
command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
|
||||||
when: sshd_selinux_port.stdout.find('{{ sshd_port }}') == -1
|
when: sshd_selinux_port.stdout.find('{{ sshd_port }}') == -1
|
||||||
|
tags:
|
||||||
|
- sshd_config
|
||||||
|
- config
|
||||||
|
- sshd
|
||||||
|
|
||||||
- name: generate phabricator phd service file
|
- name: generate phabricator phd service file
|
||||||
template: src=phd.service.j2 dest=/lib/systemd/system/phd.service owner=root group=root mode=0644
|
template: src=phd.service.j2 dest=/lib/systemd/system/phd.service owner=root group=root mode=0644
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue