AnsibleRoles/ensure_apache
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make permissions set OS Vendor/Version specific (aka /etc/httpd/mod_md)

Browse Source
This commit is contained in:
Jason Rothstein
2022-06-04 21:11:07 -05:00
parent 79e6e39112
commit e0dc7e1790
3 changed files with 34 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tasks/main.yml
View File

@@ -131,19 +131,32 @@
- 'ensure_apache.service_facts' - 'ensure_apache.service_facts'
- 'ensure_apache.service_reload' - 'ensure_apache.service_reload'
- 'ensure_apache.services' - 'ensure_apache.services'
- name: 'base mod_md store' - name: 'ensure permissions'
when: when:
- ansible_system == 'Linux' - ansible_system == 'Linux'
- ensure_apache is defined - ensure_apache is defined
- http_vhost is defined - http_vhost is defined
- http_vhost is iterable - http_vhost is iterable
- permission_list is defined
- permission_list is iterable
ansible.builtin.file: ansible.builtin.file:
group: 'apache' attributes: '{{ item.attributes | default(omit) }}'
owner: 'root' follow: '{{ item.follow | default(omit) }}'
mode: '0770' force: '{{ item.force | default(omit) }}'
path: '/etc/httpd/md' group: '{{ item.group | default(omit) }}'
state: 'directory' owner: '{{ item.owner | default(omit) }}'
setype: 'httpd_var_lib_t' mode: '{{ item.mode | default(omit) }}'
path: '{{ item.path }}'
reuse: '{{ item.reuse | default(omit) }}'
selevel: '{{ item.selevel | default(omit) }}'
serole: '{{ item.serole | default(omit) }}'
setype: '{{ item.setype | default(omit) }}'
seuser: '{{ item.seuser | default(omit) }}'
src: '{{ item.src | default(omit) }}'
state: '{{ item.state }}'
loop: '{{ permissions_list }}'
loop_control:
label: '{{ item.path }} will be ensured'
notify: notify:
- 'ensure_apache.package_facts' - 'ensure_apache.package_facts'
- 'ensure_apache.service_facts' - 'ensure_apache.service_facts'

7
vars/Fedora-34-default.yml
View File

@@ -44,6 +44,13 @@ firewall_list:
- permanent: 'yes' - permanent: 'yes'
service: 'https' service: 'https'
state: 'enabled' state: 'enabled'
permissions_list:
- path: '/etc/httpd/md'
group: 'apache'
owner: 'root'
mode: '0770'
state: 'directory'
setype: 'httpd_var_lib_t'
seboolean_list: seboolean_list:
- name: 'httpd_can_network_connect' - name: 'httpd_can_network_connect'
persistent: 'yes' persistent: 'yes'

7
vars/Fedora-35-default.yml
View File

@@ -42,6 +42,13 @@ firewall_list:
- permanent: 'yes' - permanent: 'yes'
service: 'https' service: 'https'
state: 'enabled' state: 'enabled'
permissions_list:
- path: '/etc/httpd/md'
group: 'apache'
owner: 'root'
mode: '0770'
state: 'directory'
setype: 'httpd_var_lib_t'
seboolean_list: seboolean_list:
- name: 'httpd_can_network_connect' - name: 'httpd_can_network_connect'
persistent: 'yes' persistent: 'yes'