You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2019/04/10 14:40:06 UTC
[airavata] branch develop updated: Re-enable SELinux,
enable httpd_execmem
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/develop by this push:
new 842b767 Re-enable SELinux, enable httpd_execmem
842b767 is described below
commit 842b767cf3926cc725c95d06094339c5901b2a7b
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Apr 10 10:39:16 2019 -0400
Re-enable SELinux, enable httpd_execmem
---
dev-tools/ansible/roles/django/tasks/main.yml | 10 ++++++++--
dev-tools/ansible/roles/httpd/tasks/main.yml | 3 +--
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index ce460cb..b031ce0 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -46,11 +46,11 @@
- name: Install additional dependencies
pip:
- name: "{{ airavata_django_extra_dependencies }}"
+ name: "{{ item }}"
virtualenv: "{{ django_venv_dir }}"
become: yes
become_user: "{{user}}"
- when: airavata_django_extra_dependencies | length > 0
+ with_list: "{{ airavata_django_extra_dependencies }}"
- name: Copy the settings_local.py file
template: src={{ django_settings_local_template }} dest="{{ airavata_django_checkout }}/django_airavata/settings_local.py" owner="{{user}}" group="{{group}}"
@@ -121,6 +121,12 @@
- restart httpd
when: ansible_os_family == "RedHat"
+- name: Allow Django code to execute Java code (Pyjnius, see https://github.com/SciGaP/simccs-maptool)
+ seboolean:
+ name: httpd_execmem
+ state: yes
+ persistent: yes
+
- name: run restorecon on those directories
command: restorecon -F -R {{ doc_root_dir }}
become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index e8f2ec7..469c105 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -1,8 +1,7 @@
# SELinux configuration
- name: set selinux to enforcing
-# TODO: switch back to enforcing
- selinux: state=permissive policy=targeted
+ selinux: state=enforcing policy=targeted
become: yes
when: ansible_os_family == "RedHat"