Posted to commits@airavata.apache.org by ma...@apache.org on 2020/05/14 21:07:03 UTC

[airavata] branch master updated: Ansible: allow overriding selinux mode of portal server

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/master by this push:
     new 18f4cf0  Ansible: allow overriding selinux mode of portal server
18f4cf0 is described below

commit 18f4cf0fa61988932ca553802008b65b61723fb4
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu May 14 17:06:50 2020 -0400

    Ansible: allow overriding selinux mode of portal server
---
 .../ansible/inventories/scigap/production/host_vars/dreg/vars.yml  | 3 +++
 dev-tools/ansible/roles/httpd/defaults/main.yml                    | 7 +++++++
 dev-tools/ansible/roles/httpd/tasks/main.yml                       | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
index 5e43373..56a0f48 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
@@ -28,6 +28,9 @@ django_tus_endpoint: "https://tus.dreg.scigap.org/files/"
 # Increase max upload size to 1GB
 django_file_upload_max_file_size_mb: 1024
 
+# TODO: while testing dreg-djangoapp, turn off SELinux, but turn it back on
+# once it is installed for real
+httpd_selinux_mode: "permissive"
 # airavata_django_extra_dependencies:
 #   - git+https://github.com/SciGaP/dreg-djangoapp.git@gbrowser#egg=dreg-djangoapp
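Review bot: The added `httpd_selinux_mode: "permissive"` lives under `inventories/scigap/production/host_vars/dreg`, so the next run of the httpd role turns off SELinux enforcement for the whole host, and nothing but the TODO brings it back. Permissive mode still records AVC denials, so the comment should say that the audit log is what gets reviewed during the test period, and it should point at a tracking issue, e.g. `# TODO(<issue-id>): permissive only while testing dreg-djangoapp; review AVC denials, then remove this override`. If only the web server's domain needs relaxing, a per-domain permissive setting (Ansible's `selinux_permissive` module for `httpd_t`) would presumably be narrower than a host-wide mode change; worth confirming against what the app actually trips on. A blank line before the commented-out `airavata_django_extra_dependencies` block would also keep the TODO from reading as part of it.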
 
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/defaults/main.yml
index 6c09be4..1317100 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/defaults/main.yml
@@ -51,4 +51,11 @@ httpd_ssl_conf_template: "ssl.conf.j2"
 
 httpd_default_http_port: 80
 httpd_default_https_port: 443
+
+# httpd_selinux_mode allowed values:
+# - disabled
+# - enforcing
+# - permissive
+# https://docs.ansible.com/ansible/latest/modules/selinux_module.html#parameter-state
+httpd_selinux_mode: "enforcing"
 ...
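Review bot: The comment above `httpd_selinux_mode: "enforcing"` lists `disabled` as an allowed value without saying how it differs operationally from the other two. Switching to or from `disabled` only takes effect after a reboot, and nothing visible in this commit handles one, so a host can report a mode it is not yet running in. I would add a line such as `# NOTE: "disabled" needs a reboot to take effect; use "permissive" for temporary troubleshooting` and state that `enforcing` is the expected value for any production host.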
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index cb61714..2f7be68 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -1,7 +1,7 @@
 
 # SELinux configuration
 - name: set selinux to enforcing
-  selinux: state=enforcing policy=targeted
+  selinux: state={{ httpd_selinux_mode }} policy=targeted
   become: yes
   when: ansible_os_family == "RedHat"
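Review bot: The task name one line above the change still reads `set selinux to enforcing`, so play output and run logs will claim "enforcing" on hosts where `httpd_selinux_mode` resolves to `permissive` or `disabled`. Renaming it to `- name: set selinux mode to {{ httpd_selinux_mode }}` makes the applied mode visible to whoever audits the run. The variable is also interpolated into a `key=value` argument string with no check on its value; native block arguments with `state: "{{ httpd_selinux_mode }}"` would avoid the string parsing, and an `assert` on the three allowed values ahead of the task would catch typos early. The rest of tasks/main.yml lies outside this hunk.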