This repository was archived by the owner on Jun 18, 2021. It is now read-only.
Closed
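--- a/ansible/roles/omero-server/defaults/main.yml
+++ b/ansible/roles/omero-server/defaults/main.yml
@@ -80,3 +80,10 @@ omero_systemd_setup: False
 # EXPERIMENTAL, may break your system
 # Quoted to prevent autoconversion to bool
 omero_systemd_restart: "no"
+
+# Setup trust store
+omero_trust_store_setup: False
+omero_trust_store: "{{ omero_basedir }}/trust_store.jks"
+omero_trust_store_passwd: omero
+#omero_trust_store_certificates:
+# - { url: 'https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt', name: 'DigiCertAssuredIDRootCA.crt'}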
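Review bot: `omero_trust_store_passwd: omero` ships a fixed, publicly known store password as the role default, and no comment tells the operator to override it. keytool uses the store password to check the store's integrity, so a known value offers no protection against anyone who can write the file. Suggest a comment such as `# Override per deployment (e.g. from Ansible Vault); this default is not a secret` and quoting the value as `"omero"`, like the `"no"` above it. `omero_trust_store_certificates` is defined only in a comment, so enabling `omero_trust_store_setup` without setting it leaves the `with_items` loops in omero-trust-store.yml on an undefined variable; a default of `omero_trust_store_certificates: []` would fail more gracefully.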
21 changes: 20 additions & 1 deletion ansible/roles/omero-server/handlers/main.yml
@@ -1,8 +1,27 @@
---
# Handler for nginx

# Handler for nginx
- name: restart nginx
become: yes
service:
name: nginx
state: restarted

- name: reset config
become: yes
become_user: omero
shell: "{{ omero_serverdir }}/{{ omero_server_symlink }}/bin/omero load < config/reset.config"
args:
chdir: "{{ omero_basedir }}"

- name: update config
become: yes
become_user: omero
shell: "{{ omero_serverdir }}/{{ omero_server_symlink }}/bin/omero load < {{ omero_basedir }}/config/omero-base.config"

# Handler for OMERO
- name: restart OMERO
become: yes
service:
name: omero
state: restarted
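Review bot: The new `reset config` and `update config` handlers hard-code `become_user: omero`, while omero-trust-store.yml in the same change runs as `{{ omero_system_user }}`; where that variable is overridden, the handlers would run `omero load` as a different account. Use `become_user: "{{ omero_system_user }}"` in both. Their `shell:` lines also interpolate `omero_serverdir`, `omero_server_symlink` and `omero_basedir` unquoted, so a path containing a space or shell metacharacter changes the command that runs; passing each through the `quote` filter avoids that. A comment on `reset config` saying that `config/reset.config` is generated by the `omero | create configuration reset file` task would make the dependency visible.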
17 changes: 17 additions & 0 deletions ansible/roles/omero-server/tasks/main.yml
Expand Up @@ -66,12 +66,22 @@
msg: "OMERO.server found but unable to get version, you may have a corrupt installation"
when: omero_server_symlink_st.stat.exists and omero_server_version is undefined

- name: omero | create configuration reset file
become: yes
shell: "touch config/omero-empty.config; cat config/omero-*|grep config|cut -d' ' -f 1,2,3 > config/reset.config"
args:
chdir: "{{ omero_basedir }}"

- name: omero | create common configuration file
become: yes
template:
dest: "{{ omero_basedir }}/config/omero-base.config"
force: yes
src: omero-base.config.j2
notify:
- reset config
- update config
- restart OMERO

- name: omero | empty additional configuration file
become: yes
Expand All @@ -88,6 +98,10 @@
force: yes
src: "{{ omero_prestart_file }}"
when: omero_prestart_file | default(None) != None
notify:
- reset config
- update config
- restart OMERO

- name: omero | set omego options
set_fact:
Expand Down Expand Up @@ -192,3 +206,6 @@

- include: omero-systemd.yml
when: omero_systemd_setup

- include: omero-trust-store.yml
when: omero_trust_store_setup
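Review bot: In `omero | create configuration reset file` (first hunk), `grep config` keeps every line of `config/omero-*` that contains the substring anywhere, including comments and values, and the output is later fed to `omero load` by the `reset config` handler. If the intent is to keep only command lines (presumably `config set KEY VALUE`, judging by `cut -d' ' -f 1,2,3`), anchor the pattern, e.g. `grep '^config '`. The task has `become: yes` with no `become_user`, so `omero-empty.config` and `reset.config` are presumably created as root rather than as the OMERO account that later reads them. Because it is a `shell` task with no `changed_when`, it reports a change on every run, so `changed_when: false` is worth adding. The `;` and the unchecked pipeline also mean a failed `touch` or `cat` goes unreported.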
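--- a/ansible/roles/omero-server/tasks/omero-trust-store.yml
+++ b/ansible/roles/omero-server/tasks/omero-trust-store.yml
@@ -0,0 +1,28 @@
+---
+# Configure trust store for OMERO. This might be needed for LDAPS connection.
+
+# The trust store file is built from scratch every time, to make sure it
+# has the exact set of CA certificates configured. For the configuration change
+# to take effect, OMERO must be restarted. To avoid unnecessary restarts, once
+# you have a working setup, set "omero_trust_store_setup: False".
+
+- name: remove existing trust store
+file: path={{ omero_trust_store }} state=absent
+
+- name: create directory for certificates
+file: path={{ omero_basedir }}/cacerts state=directory owner={{ omero_system_user }}
+
+- name: download certificates
+sudo_user: "{{ omero_system_user }}"
+get_url: url={{ item.url }} dest={{ omero_basedir }}/cacerts/{{ item.name }}
+with_items:
+- "{{ omero_trust_store_certificates }}"
+
+- name: import certificates in a trust store file
+sudo_user: "{{ omero_system_user }}"
+command: keytool -importcert -noprompt -keystore {{ omero_trust_store }} -storepass {{ omero_trust_store_passwd }} -storetype JKS -providername SUN -file {{ item.name }} -alias {{ item.name }}
+args:
+chdir: "{{ omero_basedir }}/cacerts"
+with_items:
+- "{{ omero_trust_store_certificates }}"
+notify: restart OMERO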
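Review bot: `download certificates` fetches each CA certificate with `get_url` and the next task imports it as a trust anchor with `-noprompt`, so nothing checks that the downloaded file is the certificate the operator intended. Whoever controls the content at the URL therefore decides what OMERO trusts for LDAPS. Let each item carry a pinned digest and pass it through, e.g. `checksum: "{{ item.checksum }}"` on the `get_url` task, so a changed file fails the play instead of entering the store. Separately, `-storepass {{ omero_trust_store_passwd }}` puts the password on the keytool command line, where it appears in the process list and in Ansible output; `no_log: true` on the import task, plus keytool's `-storepass:env` form with the value supplied via `environment:`, would avoid that. These tasks also use `sudo_user` where the handlers in this change use `become`/`become_user`, and the first two tasks name no privilege escalation at all, so which account removes and recreates the store depends on the including play.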
8 changes: 6 additions & 2 deletions ansible/roles/omero-web-runtime/tasks/main.yml
Expand Up @@ -48,8 +48,12 @@
- name: omero | install selinux utilities
become: yes
yum:
name: libselinux-python
name: "{{ item }}"
state: present
with_items:
- libselinux-python
- libsemanage-python
- policycoreutils-python
when: omero_selinux_setup

- name: omero web | selinux booleans
Expand All @@ -71,4 +75,4 @@
proto: tcp
setype: http_port_t
state: present
when: omero_selinux_setup
when: omero_selinux_setup