taskotron-stg: set selinux context after the dir actually exists

2026-03-30 08:50:55 +08:00 · 2017-01-11 15:01:14 +00:00
parent 3cbfea9a79
commit 7e5a69e1fd
1 changed files with 8 additions and 8 deletions
--- a/roles/taskotron/buildmaster/tasks/main.yml
+++ b/roles/taskotron/buildmaster/tasks/main.yml
@@ -34,14 +34,6 @@
  with_items:
    - python-novaclient

- name: set the selinux fcontext type for the buildmaster_home to var_lib_t
-  command: semanage fcontext -a -t var_lib_t "{{ buildmaster_home }}(/.*)?"
-  when: deployment_type in ['dev', 'stg', 'qa-stg']
-
- name: make sure the selinux fcontext is restored
-  command: restorecon -R "{{ buildmaster_home }}"
-  when: deployment_type in ['dev', 'stg', 'qa-stg']
-
 - name: add the buildmaster user
  user: name={{ buildmaster_user }} home={{ buildmaster_home }}

@@ -53,6 +45,14 @@
  file: path="{{ buildmaster_home }}" state=directory owner=buildmaster group=buildmaster mode=0775
  when: deployment_type in ['dev', 'stg']

+- name: set the selinux fcontext type for the buildmaster_home to var_lib_t
+  command: semanage fcontext -a -t var_lib_t "{{ buildmaster_home }}(/.*)?"
+  when: deployment_type in ['dev', 'stg', 'qa-stg']
+
+- name: make sure the selinux fcontext is restored
+  command: restorecon -R "{{ buildmaster_home }}"
+  when: deployment_type in ['dev', 'stg', 'qa-stg']
+
 - name: allow httpd tcp connections with selinux
  seboolean: name=httpd_can_network_connect state=true persistent=yes