Make permissions set OS Vendor/Version specific (aka /etc/httpd/mod_md)

2022-06-04 21:11:07 -05:00 · 2022-06-04 21:11:07 -05:00 · e0dc7e1790
commit e0dc7e1790
parent 79e6e39112
3 changed files with 34 additions and 7 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -131,19 +131,32 @@
    - 'ensure_apache.service_facts'
    - 'ensure_apache.service_reload'
    - 'ensure_apache.services'
- name: 'base mod_md store'
+- name: 'ensure permissions'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - http_vhost is defined
    - http_vhost is iterable
+    - permission_list is defined
+    - permission_list is iterable
  ansible.builtin.file:
-    group: 'apache'
-    owner: 'root'
-    mode: '0770'
-    path: '/etc/httpd/md'
-    state: 'directory'
-    setype: 'httpd_var_lib_t'
+    attributes: '{{ item.attributes | default(omit) }}'
+    follow: '{{ item.follow | default(omit) }}'
+    force: '{{ item.force | default(omit) }}'
+    group: '{{ item.group | default(omit) }}'
+    owner: '{{ item.owner | default(omit) }}'
+    mode: '{{ item.mode | default(omit) }}'
+    path: '{{ item.path }}'
+    reuse: '{{ item.reuse | default(omit) }}'
+    selevel: '{{ item.selevel | default(omit) }}'
+    serole: '{{ item.serole | default(omit) }}'
+    setype: '{{ item.setype | default(omit) }}'
+    seuser: '{{ item.seuser | default(omit) }}'
+    src: '{{ item.src | default(omit) }}'
+    state: '{{ item.state }}'
+  loop: '{{ permissions_list }}'
+  loop_control:
+    label: '{{ item.path }} will be ensured'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'
--- a/vars/Fedora-34-default.yml
+++ b/vars/Fedora-34-default.yml
@ -44,6 +44,13 @@ firewall_list:
  - permanent: 'yes'
    service: 'https'
    state: 'enabled'
+permissions_list:
+  - path: '/etc/httpd/md'
+    group: 'apache'
+    owner: 'root'
+    mode: '0770'
+    state: 'directory'
+    setype: 'httpd_var_lib_t'
 seboolean_list:
  - name: 'httpd_can_network_connect'
    persistent: 'yes'
--- a/vars/Fedora-35-default.yml
+++ b/vars/Fedora-35-default.yml
@ -42,6 +42,13 @@ firewall_list:
  - permanent: 'yes'
    service: 'https'
    state: 'enabled'
+permissions_list:
+  - path: '/etc/httpd/md'
+    group: 'apache'
+    owner: 'root'
+    mode: '0770'
+    state: 'directory'
+    setype: 'httpd_var_lib_t'
 seboolean_list:
  - name: 'httpd_can_network_connect'
    persistent: 'yes'