You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/05/14 21:07:03 UTC
[airavata] branch master updated: Ansible: allow overriding selinux
mode of portal server
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new 18f4cf0 Ansible: allow overriding selinux mode of portal server
18f4cf0 is described below
commit 18f4cf0fa61988932ca553802008b65b61723fb4
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu May 14 17:06:50 2020 -0400
Ansible: allow overriding selinux mode of portal server
---
.../ansible/inventories/scigap/production/host_vars/dreg/vars.yml | 3 +++
dev-tools/ansible/roles/httpd/defaults/main.yml | 7 +++++++
dev-tools/ansible/roles/httpd/tasks/main.yml | 2 +-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
index 5e43373..56a0f48 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
@@ -28,6 +28,9 @@ django_tus_endpoint: "https://tus.dreg.scigap.org/files/"
# Increase max upload size to 1GB
django_file_upload_max_file_size_mb: 1024
+# TODO: while testing dreg-djangoapp, turn off SELinux, but turn it back on
+# once it is installed for real
+httpd_selinux_mode: "permissive"
# airavata_django_extra_dependencies:
# - git+https://github.com/SciGaP/dreg-djangoapp.git@gbrowser#egg=dreg-djangoapp
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/defaults/main.yml
index 6c09be4..1317100 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/defaults/main.yml
@@ -51,4 +51,11 @@ httpd_ssl_conf_template: "ssl.conf.j2"
httpd_default_http_port: 80
httpd_default_https_port: 443
+
+# httpd_selinux_mode allowed values:
+# - disabled
+# - enforcing
+# - permissive
+# https://docs.ansible.com/ansible/latest/modules/selinux_module.html#parameter-state
+httpd_selinux_mode: "enforcing"
...
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index cb61714..2f7be68 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -1,7 +1,7 @@
# SELinux configuration
- name: set selinux to enforcing
- selinux: state=enforcing policy=targeted
+ selinux: state={{ httpd_selinux_mode }} policy=targeted
become: yes
when: ansible_os_family == "RedHat"