Make permissions set OS Vendor/Version specific (aka /etc/httpd/mod_md)
This commit is contained in:
parent
79e6e39112
commit
e0dc7e1790
@ -131,19 +131,32 @@
|
|||||||
- 'ensure_apache.service_facts'
|
- 'ensure_apache.service_facts'
|
||||||
- 'ensure_apache.service_reload'
|
- 'ensure_apache.service_reload'
|
||||||
- 'ensure_apache.services'
|
- 'ensure_apache.services'
|
||||||
- name: 'base mod_md store'
|
- name: 'ensure permissions'
|
||||||
when:
|
when:
|
||||||
- ansible_system == 'Linux'
|
- ansible_system == 'Linux'
|
||||||
- ensure_apache is defined
|
- ensure_apache is defined
|
||||||
- http_vhost is defined
|
- http_vhost is defined
|
||||||
- http_vhost is iterable
|
- http_vhost is iterable
|
||||||
|
- permission_list is defined
|
||||||
|
- permission_list is iterable
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
group: 'apache'
|
attributes: '{{ item.attributes | default(omit) }}'
|
||||||
owner: 'root'
|
follow: '{{ item.follow | default(omit) }}'
|
||||||
mode: '0770'
|
force: '{{ item.force | default(omit) }}'
|
||||||
path: '/etc/httpd/md'
|
group: '{{ item.group | default(omit) }}'
|
||||||
state: 'directory'
|
owner: '{{ item.owner | default(omit) }}'
|
||||||
setype: 'httpd_var_lib_t'
|
mode: '{{ item.mode | default(omit) }}'
|
||||||
|
path: '{{ item.path }}'
|
||||||
|
reuse: '{{ item.reuse | default(omit) }}'
|
||||||
|
selevel: '{{ item.selevel | default(omit) }}'
|
||||||
|
serole: '{{ item.serole | default(omit) }}'
|
||||||
|
setype: '{{ item.setype | default(omit) }}'
|
||||||
|
seuser: '{{ item.seuser | default(omit) }}'
|
||||||
|
src: '{{ item.src | default(omit) }}'
|
||||||
|
state: '{{ item.state }}'
|
||||||
|
loop: '{{ permissions_list }}'
|
||||||
|
loop_control:
|
||||||
|
label: '{{ item.path }} will be ensured'
|
||||||
notify:
|
notify:
|
||||||
- 'ensure_apache.package_facts'
|
- 'ensure_apache.package_facts'
|
||||||
- 'ensure_apache.service_facts'
|
- 'ensure_apache.service_facts'
|
||||||
|
|||||||
@ -44,6 +44,13 @@ firewall_list:
|
|||||||
- permanent: 'yes'
|
- permanent: 'yes'
|
||||||
service: 'https'
|
service: 'https'
|
||||||
state: 'enabled'
|
state: 'enabled'
|
||||||
|
permissions_list:
|
||||||
|
- path: '/etc/httpd/md'
|
||||||
|
group: 'apache'
|
||||||
|
owner: 'root'
|
||||||
|
mode: '0770'
|
||||||
|
state: 'directory'
|
||||||
|
setype: 'httpd_var_lib_t'
|
||||||
seboolean_list:
|
seboolean_list:
|
||||||
- name: 'httpd_can_network_connect'
|
- name: 'httpd_can_network_connect'
|
||||||
persistent: 'yes'
|
persistent: 'yes'
|
||||||
|
|||||||
@ -42,6 +42,13 @@ firewall_list:
|
|||||||
- permanent: 'yes'
|
- permanent: 'yes'
|
||||||
service: 'https'
|
service: 'https'
|
||||||
state: 'enabled'
|
state: 'enabled'
|
||||||
|
permissions_list:
|
||||||
|
- path: '/etc/httpd/md'
|
||||||
|
group: 'apache'
|
||||||
|
owner: 'root'
|
||||||
|
mode: '0770'
|
||||||
|
state: 'directory'
|
||||||
|
setype: 'httpd_var_lib_t'
|
||||||
seboolean_list:
|
seboolean_list:
|
||||||
- name: 'httpd_can_network_connect'
|
- name: 'httpd_can_network_connect'
|
||||||
persistent: 'yes'
|
persistent: 'yes'
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user