This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/airavata.git
commit fc85a2f91ae85c17821de24a60f0e5e4a8944098 Author: Marcus Christie <[email protected]> AuthorDate: Fri Jul 29 15:24:42 2022 -0400 Ansible: selinux for user_data_dir, which is usually a symlink and needs special permission --- dev-tools/ansible/roles/httpd/tasks/main.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml index ac13637c9d..4c9803bb40 100644 --- a/dev-tools/ansible/roles/httpd/tasks/main.yml +++ b/dev-tools/ansible/roles/httpd/tasks/main.yml @@ -65,7 +65,22 @@ become: yes when: user_data_dir != real_user_data_dir -- name: set selinux context to allow read/write on the user data directory +- name: set selinux context to allow read/write on the user data directory ({{ user_data_dir }}) + sefcontext: + target: "{{ user_data_dir }}(/.*)?" + setype: httpd_sys_rw_content_t + state: present + become: yes + notify: + - restart httpd + when: ansible_os_family == "RedHat" + +- name: run restorecon on user data directory ({{ user_data_dir }}) + command: restorecon -F -R {{ user_data_dir }} + become: yes + when: ansible_os_family == "RedHat" + +- name: set selinux context to allow read/write on the user data directory ({{ real_user_data_dir }}) sefcontext: # For SELinux file contexts, the real path without symbolic links must be used target: "{{ real_user_data_dir }}(/.*)?" @@ -76,7 +91,7 @@ - restart httpd when: ansible_os_family == "RedHat" -- name: run restorecon on user data directory +- name: run restorecon on user data directory ({{ real_user_data_dir }}) command: restorecon -F -R {{ real_user_data_dir }} become: yes when: ansible_os_family == "RedHat"
