selinux: turn restorecon call into handler

ansible-middleware · Mar 23, 2022 · dfaeaca · dfaeaca
1 parent 83bc70e
commit dfaeaca
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 16 deletions.
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -8,6 +8,8 @@
     tomcat_uid: 53
     tomcat_group: tomcat
     tomcat_gid: 53
+    tomcat_service_name: tomcat
+    tomcat_home: /opt/apache-tomcat-9.0.50
   tasks:
     - name: "Check that user account {{ tomcat_user }} was properly created"
       user:
@@ -45,10 +47,10 @@
         that:
           - ansible_facts is defined
           - ansible_facts.services is defined
-          - ansible_facts.services[tomcat.service.name] is defined
-          - ansible_facts.services[tomcat.service.name]['state'] is defined
-          - ansible_facts.services[tomcat.service.name]['state'] == 'running'
-          - ansible_facts.services[tomcat.service.name]['status'] == 'enabled'
+          - ansible_facts.services['tomcat.service'] is defined
+          - ansible_facts.services['tomcat.service']['state'] is defined
+          - ansible_facts.services['tomcat.service']['state'] == 'running'
+          - ansible_facts.services['tomcat.service']['status'] == 'enabled'
         quiet: true
         fail_msg: "Service is not started."
 

diff --git a/roles/jws/handlers/main.yml b/roles/jws/handlers/main.yml
@@ -25,3 +25,13 @@
     - tomcat.service.enabled is defined
     - tomcat.service.enabled
   listen: "Restart Tomcat service"
+
+- name: Install selinux policy
+  command: semodule -i jws5-tomcat.pp
+  args:
+    chdir: "{{ tomcat.home }}/selinux"
+  listen: "Selinux policy created"
+
+- name: Apply selinux policy
+  command: "restorecon -r {{ tomcat.install_dir }}"
+  listen: "Apply selinux policy"
diff --git a/roles/jws/tasks/systemd/selinux.yml b/roles/jws/tasks/systemd/selinux.yml
@@ -22,15 +22,7 @@
         creates: "{{ tomcat.home }}/selinux/jws5-tomcat.pp"
       when:
         - not policy_path_selinux.stat.exists
-      register: policy_created
-
-    - name: Install selinux policy
-      command: semodule -i jws5-tomcat.pp
-      args:
-        chdir: "{{ tomcat.home }}/selinux"
-      when:
-        - policy_created.changed
-
-    - name: Apply selinux policy
-      command: "restorecon -r {{ tomcat.install_dir }}"
+      notify:
+        - "Selinux policy created"
+        - "Apply selinux policy"
   when: archive_path_selinux.stat.exists
diff --git a/roles/jws/vars/main.yml b/roles/jws/vars/main.yml
@@ -70,4 +70,4 @@ tomcat:
     systemd: "{{ tomcat_service_systemd }}"
     pidfile: "{{ tomcat_service_systemd_pidfile }}"
     type: "{{ tomcat_service_systemd_type }}"
-    hr_name: "{{ 'Jboss Web Server' if tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}"
+    hr_name: "{{ 'Jboss Web Server' if tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}"