cloud-noc01: set selinux to allow ntp port on 124

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-05-04 01:54:40 +08:00 · 2019-05-08 22:49:55 +00:00
parent 57d7b73581
commit 6ceb5a873b
1 changed files with 18 additions and 0 deletions
--- a/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/cloud-noc01.cloud.fedoraproject.org.yml
@@ -28,6 +28,24 @@
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"

+  - name: check if ntpd port is already known by selinux
+    shell: semanage port -l | grep ntp
+    register: ntp_selinux_port
+    check_mode: no
+    changed_when: false
+    failed_when: false
+    tags:
+    - config
+    - selinux
+
+  - name: allow alternate ntpd port
+    command: semanage port -a -t ntp_port_t -p tcp 124
+    when: "124" not in ntp_selinux_port
+    failed_when: false
+    tags:
+    - config
+    - selinux
+
  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"