openstack/openstack-ansible-haproxy_server
Code Issues Proposed changes

Move selinux fix to haproxy_post_install.yml

Browse Source 
haproxy_service_config.yml is not a valid place for selinux fix.
It should be moved to haproxy_post_install.yml.

Change-Id: Ice55e1cd9fdbac6e564c7f084dc1a020940a0da8
This commit is contained in:
Damian Dabrowski
2023-02-14 12:24:43 +01:00
parent 445b15f9c3
commit d5b3bdba20
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tasks/haproxy_post_install.yml
View File

@@ -77,3 +77,15 @@
opts: bind opts: bind
state: mounted state: mounted
fstype: none fstype: none
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
seboolean:
name: haproxy_connect_any
state: yes
persistent: yes
tags:
- haproxy-service-config
notify:
- Reload haproxy
when:
- ansible_facts['selinux']['status'] == "enabled"

12
tasks/haproxy_service_config.yml
View File

@@ -41,15 +41,3 @@
(item.service.state is defined and item.service.state == 'absent') (item.service.state is defined and item.service.state == 'absent')
tags: tags:
- haproxy-service-config - haproxy-service-config
- name: Prevent SELinux from preventing haproxy from binding to arbitrary ports
seboolean:
name: haproxy_connect_any
state: yes
persistent: yes
tags:
- haproxy-service-config
notify:
- Reload haproxy
when:
- ansible_facts['selinux']['status'] == "enabled"