This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new 18f4cf0 Ansible: allow overriding selinux mode of portal server
18f4cf0 is described below
commit 18f4cf0fa61988932ca553802008b65b61723fb4
Author: Marcus Christie <machr...@iu.edu>
AuthorDate: Thu May 14 17:06:50 2020 -0400
Ansible: allow overriding selinux mode of portal server
---
 .../ansible/inventories/scigap/production/host_vars/dreg/vars.yml | 3 +++
 dev-tools/ansible/roles/httpd/defaults/main.yml | 7 +++++++
 dev-tools/ansible/roles/httpd/tasks/main.yml | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
index 5e43373..56a0f48 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/dreg/vars.yml
@@ -28,6 +28,9 @@ django_tus_endpoint: "https://tus.dreg.scigap.org/files/"
 # Increase max upload size to 1GB
 django_file_upload_max_file_size_mb: 1024
+# TODO: while testing dreg-djangoapp, turn off SELinux, but turn it back on
+# once it is installed for real
+httpd_selinux_mode: "permissive"
 # airavata_django_extra_dependencies:
 # - git+https://github.com/SciGaP/dreg-djangoapp.git@gbrowser#egg=dreg-djangoapp
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/defaults/main.yml
index 6c09be4..1317100 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/defaults/main.yml
@@ -51,4 +51,11 @@ httpd_ssl_conf_template: "ssl.conf.j2"
 httpd_default_http_port: 80
 httpd_default_https_port: 443
+
+# httpd_selinux_mode allowed values:
+# - disabled
+# - enforcing
+# - permissive
+# https://docs.ansible.com/ansible/latest/modules/selinux_module.html#parameter-state
+httpd_selinux_mode: "enforcing"
 ...
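Review bot: The `httpd_selinux_mode: "permissive"` override lands in the production inventory for dreg, and the TODO that promises to revert it names no issue or owner, so nothing in the repository will flag it if it is forgotten. In permissive mode SELinux only logs denials, so the portal's httpd runs without mandatory access control enforcement for as long as the override stays. I would tie the comment to a tracking item, e.g. `# TODO(<issue-id>): revert to enforcing once dreg-djangoapp is installed`. If only the httpd domain needs relaxing during testing, making that single domain permissive (Ansible has a `selinux_permissive` module for this) would presumably keep the rest of the host enforced.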
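Review bot: The comment above `httpd_selinux_mode` in defaults/main.yml lists `disabled` next to `permissive` without saying how they differ, which matters now that any host_vars file can pick either. I would add two comment lines: `# permissive: policy stays loaded, denials are logged but not enforced` and `# disabled: SELinux is off entirely; going back to enforcing needs a reboot and a relabel`. Keeping `enforcing` as the role default is the right baseline.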
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index cb61714..2f7be68 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -1,7 +1,7 @@
 # SELinux configuration
 - name: set selinux to enforcing
- selinux: state=enforcing policy=targeted
+ selinux: state={{ httpd_selinux_mode }} policy=targeted
 become: yes
 when: ansible_os_family == "RedHat"
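Review bot: The task is still named `set selinux to enforcing` although its state now comes from `httpd_selinux_mode`, so a run against dreg will report "set selinux to enforcing" while actually switching the host to permissive. Rename it so play output and any log review show the real mode, e.g. `- name: set selinux mode to {{ httpd_selinux_mode }}`. Because the value is now overridable per host, passing it as a quoted block argument (`state: "{{ httpd_selinux_mode }}"`) rather than inside a key=value string would also keep an unexpected value from being split into extra module arguments. The rest of the tasks file lies outside this hunk.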