diff options
-rw-r--r-- | playbooks/current.yml | 14 | ||||
-rw-r--r-- | roles/current/tasks/firewall.yml | 4 | ||||
-rw-r--r-- | roles/current/tasks/main.yml | 3 | ||||
-rw-r--r-- | roles/current/tasks/selabel.yml | 6 | ||||
-rw-r--r-- | roles/current/tasks/selabels.yml | 7 |
5 files changed, 24 insertions, 10 deletions
diff --git a/playbooks/current.yml b/playbooks/current.yml index 9271e7e..e3730e9 100644 --- a/playbooks/current.yml +++ b/playbooks/current.yml @@ -1,13 +1,7 @@ #- import_playbook: maintain.yml -#- name: Add Firewall serices -# hosts: ands -# roles: -# - { role: ands_network, action: firewall } -- hosts: masters - tasks: - - name: Enable OpenShift Router statistics - firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" - with_items: - - haproxy-stats +- name: Run current temporary rules + hosts: ands + roles: + - { role: current, action: selabels } diff --git a/roles/current/tasks/firewall.yml b/roles/current/tasks/firewall.yml new file mode 100644 index 0000000..672facd --- /dev/null +++ b/roles/current/tasks/firewall.yml @@ -0,0 +1,4 @@ +- name: Enable OpenShift Router statistics + firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true" + with_items: + - haproxy-stats diff --git a/roles/current/tasks/main.yml b/roles/current/tasks/main.yml new file mode 100644 index 0000000..e18838f --- /dev/null +++ b/roles/current/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: "Performing current maintenance actions" + include_tasks: "{{ action | default('common') }}.yml" diff --git a/roles/current/tasks/selabel.yml b/roles/current/tasks/selabel.yml new file mode 100644 index 0000000..987f982 --- /dev/null +++ b/roles/current/tasks/selabel.yml @@ -0,0 +1,6 @@ +--- +- name: "Setting SELinux context for non standard locations" + sefcontext: target="{{ hostpath }}" setype="svirt_sandbox_file_t" state="present" reload="yes" + +- name: "Apply SELinux context for non standard locations" + shell: restorecon "{{ hostpath }}" diff --git a/roles/current/tasks/selabels.yml b/roles/current/tasks/selabels.yml new file mode 100644 index 0000000..db79a1c --- /dev/null +++ b/roles/current/tasks/selabels.yml @@ -0,0 +1,7 @@ +- name: Set SE Labels on folders + include_tasks: selabel.yml + with_items: + - /mnt/hostraid/katrin + - /mnt/hostraid/katrin/workspace + loop_control: + loop_var: hostpath |