summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/current.yml14
-rw-r--r--roles/current/tasks/firewall.yml4
-rw-r--r--roles/current/tasks/main.yml3
-rw-r--r--roles/current/tasks/selabel.yml6
-rw-r--r--roles/current/tasks/selabels.yml7
5 files changed, 24 insertions, 10 deletions
diff --git a/playbooks/current.yml b/playbooks/current.yml
index 9271e7e..e3730e9 100644
--- a/playbooks/current.yml
+++ b/playbooks/current.yml
@@ -1,13 +1,7 @@
#- import_playbook: maintain.yml
-#- name: Add Firewall serices
-# hosts: ands
-# roles:
-# - { role: ands_network, action: firewall }
-- hosts: masters
- tasks:
- - name: Enable OpenShift Router statistics
- firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
- with_items:
- - haproxy-stats
+- name: Run current temporary rules
+ hosts: ands
+ roles:
+ - { role: current, action: selabels }
diff --git a/roles/current/tasks/firewall.yml b/roles/current/tasks/firewall.yml
new file mode 100644
index 0000000..672facd
--- /dev/null
+++ b/roles/current/tasks/firewall.yml
@@ -0,0 +1,4 @@
+- name: Enable OpenShift Router statistics
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ with_items:
+ - haproxy-stats
diff --git a/roles/current/tasks/main.yml b/roles/current/tasks/main.yml
new file mode 100644
index 0000000..e18838f
--- /dev/null
+++ b/roles/current/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: "Performing current maintenance actions"
+ include_tasks: "{{ action | default('common') }}.yml"
diff --git a/roles/current/tasks/selabel.yml b/roles/current/tasks/selabel.yml
new file mode 100644
index 0000000..987f982
--- /dev/null
+++ b/roles/current/tasks/selabel.yml
@@ -0,0 +1,6 @@
+---
+- name: "Setting SELinux context for non standard locations"
+ sefcontext: target="{{ hostpath }}" setype="svirt_sandbox_file_t" state="present" reload="yes"
+
+- name: "Apply SELinux context for non standard locations"
+ shell: restorecon "{{ hostpath }}"
diff --git a/roles/current/tasks/selabels.yml b/roles/current/tasks/selabels.yml
new file mode 100644
index 0000000..db79a1c
--- /dev/null
+++ b/roles/current/tasks/selabels.yml
@@ -0,0 +1,7 @@
+- name: Set SE Labels on folders
+ include_tasks: selabel.yml
+ with_items:
+ - /mnt/hostraid/katrin
+ - /mnt/hostraid/katrin/workspace
+ loop_control:
+ loop_var: hostpath