add selinux tasks; restructuring
parent
10a46a1d51
commit
a2c3af18ca
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
# not working currently
|
# not working currently
|
||||||
cups_version: 2.2.10
|
cups_version: 2.2.10
|
||||||
|
cups_admin_username: cupsadm
|
||||||
|
cups_admin_password: secure
|
||||||
|
|
||||||
cups_bind_url:
|
cups_bind_url:
|
||||||
- localhost:631
|
- localhost:631
|
||||||
|
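Review bot: `cups_admin_password: secure` puts a fixed, guessable credential into the role's variables, so any host that applies the role without overriding it gets an admin account whose password is readable in the repository. Drop the default and make the caller supply the value, for example from Ansible Vault, and have the role stop early when it is missing: `assert: { that: cups_admin_password is defined and cups_admin_password | length > 0 }`. The file path for this hunk is not shown on the page, so this assumes it is the role's variables file.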
@ -13,11 +13,13 @@
|
|||||||
yum:
|
yum:
|
||||||
name: "{{ __cups_rpm_files }}"
|
name: "{{ __cups_rpm_files }}"
|
||||||
state: present
|
state: present
|
||||||
|
notify: __cupsd_restart
|
||||||
|
|
||||||
- name: Install custom driver packages
|
- name: Install custom driver packages
|
||||||
yum:
|
yum:
|
||||||
name: "{{ cups_custom_driver_packages }}"
|
name: "{{ cups_custom_driver_packages }}"
|
||||||
state: present
|
state: present
|
||||||
|
notify: __cupsd_restart
|
||||||
|
|
||||||
- name: Deploy global config files
|
- name: Deploy global config files
|
||||||
template:
|
template:
|
||||||
|
@ -1,5 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
- include_tasks: prepare.yml
|
||||||
- include_tasks: install.yml
|
- include_tasks: install.yml
|
||||||
|
- include_tasks: selinux.yml
|
||||||
|
when: ansible_selinux
|
||||||
- import_tasks: nginx.yml
|
- import_tasks: nginx.yml
|
||||||
when: cups_nginx_vhost_enabled
|
when: cups_nginx_vhost_enabled
|
||||||
- include_tasks: post_tasks.yml
|
- include_tasks: post_tasks.yml
|
||||||
|
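Review bot: `when: ansible_selinux` tests the whole fact rather than its status; on hosts where SELinux is disabled the fact is normally still a non-empty mapping (`status: disabled`), so the condition can hold and `selinux.yml` would run `sefcontext` and `seboolean` where they cannot work. Test the status explicitly instead: `when: ansible_selinux.status == 'enabled'`. A one-line comment above each new include saying what it prepares (`# create the CUPS admin account`, `# label driver paths, set cups_execmem`) would also help, since the file path and the rest of the play are not visible here.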
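--- /dev/null
+++ b/tasks/prepare.yml
@@ -0,0 +1,10 @@
+---
+- block:
+- name: Create user '{{ cups_admin_username }}'
+user:
+comment: Cups Admin
+name: "{{ cups_admin_username }}"
+password: "{{ cups_admin_password }}"
+groups: printadmin
+become: True
+become_user: root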
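Review bot: `password: "{{ cups_admin_password }}"` hands the variable to the `user` module unchanged, but that parameter expects an already crypted hash, so a plaintext value is written to the shadow file verbatim and the account will not authenticate with it. Hash it in the task and keep it out of task output: `password: "{{ cups_admin_password | password_hash('sha512') }}"` together with `no_log: true`; adding `update_password: on_create` avoids a change on every run from the fresh salt. `groups: printadmin` has no `append: true`, so for an account that already exists its other supplementary groups are replaced, and nothing visible in this commit creates the `printadmin` group. `become: True` would read more consistently as `become: true`.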
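--- /dev/null
+++ b/tasks/selinux.yml
@@ -0,0 +1,32 @@
+---
+- block:
+- name: Add SELinux file context mapping definitions
+sefcontext:
+target: "{{ item.target }}"
+setype: "{{ item.setype }}"
+state: present
+loop:
+- { target: '/opt/brother', setype: 'bin_t' }
+- { target: '/etc/opt/brother', setype: 'cupsd_rw_etc_t' }
+- { target: '/opt/brother/Printers/(.*/)?inf(/.*)?', setype: 'cupsd_rw_etc_t' }
+- { target: '/opt/brother/Printers/(.*/)?lpd(/.*)?', setype: 'bin_t' }
+- { target: '/opt/brother/Printers/(.*/)?cupswrapper(/.*)?', setype: 'bin_t' }
+notify: __cupsd_restart
+
+- name: Apply new SELinux file context to filesystem
+command: "restorecon {{ item }}"
+loop:
+- -R /opt/brother
+- -R /etc/opt/brother
+- -R /opt/brother/Printers
+- -RFv /usr/lib/cups/filter
+notify: __cupsd_restart
+
+- name: Allow cups execmem/execstack
+seboolean:
+name: cups_execmem
+state: yes
+persistent: yes
+notify: __cupsd_restart
+become: True
+become_user: root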
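Review bot: The `Allow cups execmem/execstack` task turns on `cups_execmem` persistently on every SELinux host, which lifts the executable-memory restriction from a network-facing daemon whether or not an installed driver needs it. Make it opt-in behind a role variable that defaults to false, e.g. `when: cups_selinux_execmem | default(false)` (the variable name is only a suggestion), and add a comment naming the driver that requires it. Separately, `command: "restorecon {{ item }}"` reports changed on each run and so notifies `__cupsd_restart` every time; register the `sefcontext` result and relabel only when it changed, or set `changed_when`. The `/opt/brother` and `/etc/opt/brother` targets carry no `(/.*)?` suffix, so those two rules appear to cover only the directories themselves. `state: yes` and `persistent: yes` would be clearer as `true`.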
@ -36,6 +36,8 @@ WebInterface Yes
|
|||||||
|
|
||||||
# Restrict access to the admin pages...
|
# Restrict access to the admin pages...
|
||||||
<Location /admin>
|
<Location /admin>
|
||||||
|
AuthType Default
|
||||||
|
Require user @SYSTEM
|
||||||
Order allow,deny
|
Order allow,deny
|
||||||
</Location>
|
</Location>
|
||||||
|
|
||||||
|
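Review bot: `Require user @SYSTEM` admits members of the groups named by `SystemGroup`, and nothing on this page shows that directive including `printadmin`, the only group the account from tasks/prepare.yml is placed in; if it does not, the new admin user cannot pass this check. Confirm the `SystemGroup` setting (in CUPS 2.x it lives in cups-files.conf) and add a comment above the block such as `# @SYSTEM = groups listed in SystemGroup; cups_admin_username must be a member`. With `AuthType Default` the credentials are normally sent as HTTP Basic, so it is worth checking that `/admin` is reachable only over TLS; no encryption directive is visible in the hunk.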