This repository has been archived by the owner on Aug 13, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix SELinux behavior and tidy up installation (#156)
* moved SELinux related stuff to own file - conditionally included only when SELinux enabled, fixes #28 - unification of the way how Python SELinux libs are installed on RedHat and Debian based systems * simplified install tasks - reduced number of tasks in installation.packages.yml to 3 - this utilizes the package module instead of apt, yum, zypper, ... - replaced nginx_redhat_pkg, nginx_ubuntu_pkg, nginx_freebsd_pkg, nginx_suse_pkg which all hold the same content with a new variable - new variable nginx_pkgs contains "nginx" by default but is still a list to allow users to configure further nginx related packages they want to install * set SELinux boolean httpd_setrlimit to allow nginx setting the rlimit - is necessary because this role forces the setting of worker_rlimit_nofile - introduces the need of libsemanage-python/python-semanage but since installation of SELinux modules is conditional, this does not hurt
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,5 @@ | ||
| --- | ||
| nginx_pkgs: | ||
| - nginx | ||
|
|
||
| nginx_install_epel_repo: True | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,15 @@ | ||
| --- | ||
| - name: Install the epel packages | ||
| package: name=epel-release state=present | ||
| when: nginx_is_el|bool and nginx_install_epel_repo|bool | ||
|
|
||
| - name: Install the nginx packages from official repo | ||
| yum: name={{ item }} state=present enablerepo="nginx" | ||
| with_items: "{{ nginx_pkgs }}" | ||
| when: nginx_is_el|bool and nginx_official_repo | ||
|
|
||
| - name: Install the nginx packages | ||
| package: name={{ item }} state=present | ||
| with_items: "{{ nginx_pkgs }}" | ||
| environment: "{{ nginx_env }}" | ||
| when: not nginx_official_repo | ||
This comment has been minimized.
Sorry, something went wrong. |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| - name: Install the selinux python module | ||
| package: name={{ item }} state=present | ||
| with_items: | ||
| - libselinux-python | ||
| - libsemanage-python | ||
| when: ansible_os_family == "RedHat" | ||
|
|
||
| - name: Install the selinux python module | ||
| package: name={{ item }} state=present | ||
| with_items: | ||
| - python-selinux | ||
| - python-semanage | ||
| when: ansible_os_family == "Debian" | ||
|
|
||
| - name: Set SELinux boolean to allow nginx to set rlimit | ||
| seboolean: name=httpd_setrlimit state=yes persistent=yes |
I have created an PR for that #157, I merge if there is not comments and CI is OK