ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rgw-loadbalancers: add all rgw_ports to http_port_t type 

This adds all rgw ports to the http_port_t selinux type so it
allows haproxy to connect to those ports in order to avoid AVC.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1923890

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 6bbb90198b)
pull/6437/head
Guillaume Abrioux 2021-04-01 09:50:54 +02:00
parent ef99ac623e
commit cc6a10bd02
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
roles/ceph-rgw-loadbalancer/tasks/pre_requisite.yml
View File

@ -33,3 +33,18 @@
mode: "0644" mode: "0644"
notify: notify:
- restart keepalived - restart keepalived
- name: selinux related tasks
when: ansible_facts['os_family'] == 'RedHat'
block:
- name: set_fact rgw_ports
set_fact:
rgw_ports: "{{ rgw_ports | default([]) + [hostvars[item]['rgw_instances']['radosgw_frontend_port']] | unique }}"
with_items: "{{ groups.get(rgw_group_name, []) }}"
- name: add selinux rules
seport:
ports: "{{ rgw_ports }}"
proto: tcp
setype: http_port_t
state: present