mirror of
https://github.com/ansible-collections/ansible.posix.git
synced 2026-05-08 22:33:49 +00:00
refactor to comply with current ansible-lint and sanity guidelines
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit is contained in:
Adam Miller
@@ -1,3 +1,4 @@
|
||||
---
|
||||
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
@@ -15,8 +16,9 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- include_tasks: seboolean.yml
|
||||
- name: Include_tasks for when SELinux is enabled
|
||||
ansible.builtin.include_tasks: seboolean.yml
|
||||
when:
|
||||
- ansible_selinux is defined
|
||||
- ansible_selinux != False
|
||||
- ansible_selinux
|
||||
- ansible_selinux.status == 'enabled'
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
---
|
||||
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
@@ -15,69 +16,89 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- name: install requirements for RHEL 7 and earlier
|
||||
package:
|
||||
- name: Install requirements for RHEL 7 and earlier
|
||||
ansible.builtin.package:
|
||||
name: policycoreutils-python
|
||||
when:
|
||||
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('7', '<=')
|
||||
|
||||
- name: install requirements for RHEL 8 and later
|
||||
package:
|
||||
- name: Install requirements for RHEL 8 and later
|
||||
ansible.builtin.package:
|
||||
name: policycoreutils-python-utils
|
||||
when:
|
||||
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>=')
|
||||
|
||||
- name: Get getsebool output preflight
|
||||
ansible.builtin.shell:
|
||||
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
register: getsebool_output_preflight
|
||||
|
||||
- name: Cleanup
|
||||
shell: setsebool -P httpd_can_network_connect 0
|
||||
##########################################################################################
|
||||
- name: set flag and don't keep it persistent
|
||||
seboolean:
|
||||
ansible.builtin.shell:
|
||||
cmd: set -o pipefail && setsebool -P httpd_can_network_connect 0
|
||||
executable: /bin/bash
|
||||
changed_when: getsebool_output_preflight.stdout.startswith('httpd_can_network_connect --> on')
|
||||
|
||||
- name: Set flag and don't keep it persistent
|
||||
ansible.posix.seboolean:
|
||||
name: httpd_can_network_connect
|
||||
state: yes
|
||||
state: true
|
||||
register: output
|
||||
|
||||
- name: get getsebool output
|
||||
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
- name: Get getsebool output
|
||||
ansible.builtin.shell:
|
||||
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
register: getsebool_output
|
||||
|
||||
- name: check output
|
||||
assert:
|
||||
- name: Check output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- output is changed
|
||||
- output is not failed
|
||||
- output.name == 'httpd_can_network_connect'
|
||||
- getsebool_output.stdout.startswith('httpd_can_network_connect (on , off)')
|
||||
##########################################################################################
|
||||
- name: unset flag
|
||||
seboolean:
|
||||
- name: Unset flag
|
||||
ansible.posix.seboolean:
|
||||
name: httpd_can_network_connect
|
||||
state: no
|
||||
state: false
|
||||
|
||||
- name: get getsebool output
|
||||
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
- name: Get getsebool output
|
||||
ansible.builtin.shell:
|
||||
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
register: getsebool_output
|
||||
|
||||
- name: check output
|
||||
assert:
|
||||
- name: Check output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- output is changed
|
||||
- output is not failed
|
||||
- output.name == 'httpd_can_network_connect'
|
||||
- getsebool_output.stdout.startswith('httpd_can_network_connect (off , off)')
|
||||
|
||||
##########################################################################################
|
||||
- name: set flag and keep it persistent
|
||||
seboolean:
|
||||
- name: Set flag and keep it persistent
|
||||
ansible.posix.seboolean:
|
||||
name: httpd_can_network_connect
|
||||
state: yes
|
||||
persistent: yes
|
||||
state: true
|
||||
persistent: true
|
||||
register: output
|
||||
|
||||
- name: get getsebool output
|
||||
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
- name: Get getsebool output
|
||||
ansible.builtin.shell:
|
||||
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
register: getsebool_output
|
||||
|
||||
- name: check output
|
||||
assert:
|
||||
- name: Check output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- output is changed
|
||||
- output is not failed
|
||||
|
||||
Reference in New Issue
Block a user