From 7b61d43ab127b2604a6b4f1e71b6d5b71d2fb362 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Thu, 10 Jan 2019 06:43:49 +0100 Subject: Update current role --- playbooks/current.yml | 14 ++++---------- roles/current/tasks/firewall.yml | 4 ++++ roles/current/tasks/main.yml | 3 +++ roles/current/tasks/selabel.yml | 6 ++++++ roles/current/tasks/selabels.yml | 7 +++++++ 5 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 roles/current/tasks/firewall.yml create mode 100644 roles/current/tasks/main.yml create mode 100644 roles/current/tasks/selabel.yml create mode 100644 roles/current/tasks/selabels.yml diff --git a/playbooks/current.yml b/playbooks/current.yml index 9271e7e..e3730e9 100644 --- a/playbooks/current.yml +++ b/playbooks/current.yml @@ -1,13 +1,7 @@ #- import_playbook: maintain.yml -#- name: Add Firewall serices -# hosts: ands -# roles: -# - { role: ands_network, action: firewall } -- hosts: masters - tasks: - - name: Enable OpenShift Router statistics - firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" - with_items: - - haproxy-stats +- name: Run current temporary rules + hosts: ands + roles: + - { role: current, action: selabels } diff --git a/roles/current/tasks/firewall.yml b/roles/current/tasks/firewall.yml new file mode 100644 index 0000000..672facd --- /dev/null +++ b/roles/current/tasks/firewall.yml @@ -0,0 +1,4 @@ +- name: Enable OpenShift Router statistics + firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" + with_items: + - haproxy-stats diff --git a/roles/current/tasks/main.yml b/roles/current/tasks/main.yml new file mode 100644 index 0000000..e18838f --- /dev/null +++ b/roles/current/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: "Performing current maintenance actions" + include_tasks: "{{ action | default('common') }}.yml" diff --git a/roles/current/tasks/selabel.yml b/roles/current/tasks/selabel.yml new file mode 100644 index 0000000..987f982 --- /dev/null +++ b/roles/current/tasks/selabel.yml @@ -0,0 +1,6 @@ +--- +- name: "Setting SELinux context for non standard locations" + sefcontext: target="{{ hostpath }}" setype="svirt_sandbox_file_t" state="present" reload="yes" + +- name: "Apply SELinux context for non standard locations" + shell: restorecon "{{ hostpath }}" diff --git a/roles/current/tasks/selabels.yml b/roles/current/tasks/selabels.yml new file mode 100644 index 0000000..db79a1c --- /dev/null +++ b/roles/current/tasks/selabels.yml @@ -0,0 +1,7 @@ +- name: Set SE Labels on folders + include_tasks: selabel.yml + with_items: + - /mnt/hostraid/katrin + - /mnt/hostraid/katrin/workspace + loop_control: + loop_var: hostpath -- cgit v1.2.3