mirror of https://github.com/ceph/ceph-ansible.git
rgw-loadbalancers: add all rgw_ports to http_port_t type
This adds all rgw ports to the http_port_t SELinux type so that
haproxy is allowed to connect to those ports, avoiding AVC denials.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1923890
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6bbb90198b
)
pull/6436/head
parent
e63e3a65b4
commit
b02c5e8db7
|
@ -33,3 +33,18 @@
|
|||
mode: "0644"
|
||||
notify:
|
||||
- restart keepalived
|
||||
|
||||
- name: selinux related tasks
|
||||
when: ansible_facts['os_family'] == 'RedHat'
|
||||
block:
|
||||
- name: set_fact rgw_ports
|
||||
set_fact:
|
||||
rgw_ports: "{{ rgw_ports | default([]) + [hostvars[item]['rgw_instances']['radosgw_frontend_port']] | unique }}"
|
||||
with_items: "{{ groups.get(rgw_group_name, []) }}"
|
||||
|
||||
- name: add selinux rules
|
||||
seport:
|
||||
ports: "{{ rgw_ports }}"
|
||||
proto: tcp
|
||||
setype: http_port_t
|
||||
state: present
|
||||
|
|
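Review bot: In the `set_fact rgw_ports` task the `| unique` filter binds tighter than `+`, so it deduplicates only the one-element list for the current host and the accumulated `rgw_ports` can still contain repeated ports; parenthesise the concatenation, `rgw_ports: "{{ (rgw_ports | default([]) + [hostvars[item]['rgw_instances']['radosgw_frontend_port']]) | unique }}"`. The block is guarded only by `os_family`, so `seport` also runs on RedHat hosts where SELinux is disabled, where it presumably fails rather than skips; adding `ansible_facts['selinux']['status'] == 'enabled'` to the `when` would cover that case. Labelling these ports `http_port_t` relaxes policy for every domain permitted to use that type, not only haproxy, and the port values are taken unvalidated from other hosts' hostvars, so a comment above `add selinux rules` stating that scope would help whoever audits the policy change. The string subscript on `rgw_instances` assumes a mapping; if it is a list of per-instance entries (not visible in this hunk), the lookup would need `map(attribute='radosgw_frontend_port')` instead.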