Update torrelay role with new selinux modules built for each fedora version and centos

author: Matthieu Saulnier <fantom@fedoraproject.org> 2018-11-17 18:18:02 +0100
committer: Matthieu Saulnier <fantom@fedoraproject.org> 2018-11-17 18:18:02 +0100
commit: e2f0144d972978bb46c2b71e0798e1136cd7c0f1 (patch)
tree: 8b9d845a147c755fcbe601547d0650819a9c4de5
parent: 1a618c4243bfdbd4c1ccac98965c924710da9ebe (diff)
download: playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.tar.gz
playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.tar.xz
playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.zip
9 files changed, 47 insertions, 13 deletions
diff --git a/roles/torrelay/files/tor-bind-pop_port-centos-7.5.pp b/roles/torrelay/files/tor-bind-pop_port-centos-7.5.pp
new file mode 100644
index 0000000..bb5211a
--- /dev/null
+++ b/roles/torrelay/files/tor-bind-pop_port-centos-7.5.pp
diff --git a/roles/torrelay/files/tor-bind-pop_port-fedora-27.pp b/roles/torrelay/files/tor-bind-pop_port-fedora-27.pp
new file mode 100644
index 0000000..d6c70ac
--- /dev/null
+++ b/roles/torrelay/files/tor-bind-pop_port-fedora-27.pp
diff --git a/roles/torrelay/files/tor-bind-pop_port-fedora-28.pp b/roles/torrelay/files/tor-bind-pop_port-fedora-28.pp
new file mode 100644
index 0000000..d119f10
--- /dev/null
+++ b/roles/torrelay/files/tor-bind-pop_port-fedora-28.pp
diff --git a/roles/torrelay/files/tor-dac-capabilities.pp b/roles/torrelay/files/tor-dac-capabilities-centos-7.5.pp
index a6a8e85..80c1bfc 100644
--- a/roles/torrelay/files/tor-dac-capabilities.pp
+++ b/roles/torrelay/files/tor-dac-capabilities-centos-7.5.pp
diff --git a/roles/torrelay/files/tor-dac-capabilities-fedora-27.pp b/roles/torrelay/files/tor-dac-capabilities-fedora-27.pp
new file mode 100644
index 0000000..416bca1
--- /dev/null
+++ b/roles/torrelay/files/tor-dac-capabilities-fedora-27.pp
diff --git a/roles/torrelay/files/tor-dac-capabilities-fedora-28.pp b/roles/torrelay/files/tor-dac-capabilities-fedora-28.pp
new file mode 100644
index 0000000..437341d
--- /dev/null
+++ b/roles/torrelay/files/tor-dac-capabilities-fedora-28.pp
diff --git a/roles/torrelay/files/tor-selinux-centos6.6-policy-module.pp b/roles/torrelay/files/tor-selinux-centos6.6-policy-module.pp
deleted file mode 100644
index 6d6df50..0000000
--- a/roles/torrelay/files/tor-selinux-centos6.6-policy-module.pp
+++ /dev/null
diff --git a/roles/torrelay/files/tor-selinux-f22-policy-module.pp b/roles/torrelay/files/tor-selinux-f22-policy-module.pp
deleted file mode 100644
index 62f4c26..0000000
--- a/roles/torrelay/files/tor-selinux-f22-policy-module.pp
+++ /dev/null
diff --git a/roles/torrelay/tasks/selinux.yml b/roles/torrelay/tasks/selinux.yml
index c3ba4c2..57e88bd 100644
--- a/roles/torrelay/tasks/selinux.yml
+++ b/roles/torrelay/tasks/selinux.yml
@@ -1,23 +1,57 @@
-- name: Déploiement du module SELinux pour hidden_services
-  copy:
-    src: tor-selinux-f22-policy-module.pp
-    dest: /root/tor-selinux-f22-policy-module.pp
-    mode: 0644
+- name: Suppression du module SELinux pour hidden_services
+  file:
+    path: /root/tor-selinux-f22-policy-module.pp
+    state: absent
   when: ansible_distribution == "Fedora"
 
-- name: Déploiement du module SELinux pour AVC dac error
+- name: Suppression du module SELinux pour AVC dac error
+  file:
+    path: /root/tor-dac-capabilities.pp
+    state: absent
+  when: ansible_distribution == "Fedora"
+
+- name: Suppression du module SELinux pour hidden_services
+  file:
+    path: /root/tor-selinux-centos6.6-policy-module.pp
+    state: absent
+  when: ansible_distribution == "CentOS"
+
+- name: Installation des modules SELinux pour Centos
   copy:
-    src: tor-dac-capabilities.pp
-    dest: /root/tor-dac-capabilities.pp
+    src: "{{ item }}-7.5.pp"
+    dest: "/root/{{ item }}-7.5.pp"
     mode: 0644
-  when: ansible_distribution == "Fedora"
+  with_items:
+    - tor-bind-pop_port-centos
+    - tor-dac-capabilities-centos
+  when: ansible_distribution == "CentOS" and ansible_distribution_version|int >= 7.5.1804
 
-- name: Déploiement du module SELinux pour hidden_services
+- name: Installation des modules SELinux pour Fedora
   copy:
-    src: tor-selinux-centos6.6-policy-module.pp
-    dest: /root/tor-selinux-centos6.6-policy-module.pp
+    src: "{{ item }}-{{ ansible_distribution_version }}.pp"
+    dest: "/root/{{ item }}-{{ ansible_distribution_version }}.pp"
     mode: 0644
-  when: ansible_distribution == "CentOS"
+  with_items:
+    - tor-bind-pop_port-fedora
+    - tor-dac-capabilities-fedora
+  when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 27
+
+- name: Vérification des modules
+  shell: semodule -l | grep '{{ item }}'
+  args:
+    executable: /usr/bin/zsh
+  with_items:
+    - tor-bind-pop_port
+    - tor-dac-capabilities
+  register: semodulelist
+  ignore_errors: yes
+
+- name: Installation des modules
+  command: semodule -i /root/'{{ item }}'
+  with_items:
+    - tor-bind-pop_port
+    - tor-dac-capabilities
+  when: semodulelist is failed
 
 - name: Configuration du booleen SELinux
   seboolean: name=tor_can_network_relay state=yes persistent=yes
author	Matthieu Saulnier <fantom@fedoraproject.org>	2018-11-17 18:18:02 +0100
committer	Matthieu Saulnier <fantom@fedoraproject.org>	2018-11-17 18:18:02 +0100
commit	e2f0144d972978bb46c2b71e0798e1136cd7c0f1 (patch)
tree	8b9d845a147c755fcbe601547d0650819a9c4de5
parent	1a618c4243bfdbd4c1ccac98965c924710da9ebe (diff)
download	playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.tar.gz playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.tar.xz playbooks-ansible-e2f0144d972978bb46c2b71e0798e1136cd7c0f1.zip