From 442fd1b92df0cb718c35355d8aea416aa0e41b64 Mon Sep 17 00:00:00 2001 From: Tim Flink Date: Aug 19 2020 00:23:23 +0000 Subject: blockerbugs: set another sebool so openid works Turns out that the httpd_can_network_connect sebool has to be set in newer OSs (previous was el7) in order for python_openid to be able to initiate discovery as part of login. This is a simple change that sets httpd_can_network_connect to 1 for the blockerbugs role that should only affect machines running the app. --- diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml index f271d0a..8eecca4 100644 --- a/roles/blockerbugs/tasks/main.yml +++ b/roles/blockerbugs/tasks/main.yml @@ -41,6 +41,12 @@ - httpd - blockerbugs +- name: allow httpd to connect to network, enabling openid + seboolean: name=httpd_can_network_connect state=true persistent=true + tags: + - config + - blockerbugs + - name: set sebooleans so blockerbugs can talk to the db seboolean: name=httpd_can_network_connect_db state=true persistent=true tags: