upd

hornos · Mar 12, 2013 · 04de0fb · 04de0fb
1 parent b575738
commit 04de0fb
Show file tree

Hide file tree

Showing 11 changed files with 62 additions and 18 deletions.
diff --git a/basic.yml b/basic.yml
@@ -2,6 +2,6 @@
 - name: Basic Setup
   hosts: all
 
+- include: basic_selinux.yml
 - include: basic_root.yml
 - include: basic_repo.yml
-- include: basic_selinux.yml
diff --git a/basic_selinux.yml b/basic_selinux.yml
@@ -17,3 +17,11 @@
   - name: Install libselinux-python
     yum: name=libselinux-python
          state=installed
+
+  - name: Install semanage
+    yum: name=policycoreutils-python
+         state=installed
+
+  - name: Permissive policy
+    selinux: policy=targeted
+             state=permissive
diff --git a/dnsmasq.yml b/dnsmasq.yml
@@ -3,6 +3,9 @@
 ---
 - hosts: all
 
+  vars_files:
+    - networks.yml
+
   tasks:
   - name: Install dnsmasq
     yum: name=dnsmasq
@@ -53,6 +56,13 @@
               group=wheel
               mode=0644
 
+  - name: Add networks in /etc/networks
+    template: src=etc/networks.j2
+              dest=/etc/networks
+              owner=bin
+              group=wheel
+              mode=0644
+
   - name: Restart dnsmasq
     service: name=dnsmasq
              state=restarted

diff --git a/etc/httpd/conf.d/ganglia.conf.j2 b/etc/httpd/conf.d/ganglia.conf.j2
@@ -0,0 +1,9 @@
+  Alias /ganglia /usr/share/ganglia
+
+  <Location /ganglia>
+    Order allow,deny
+    Allow from {{ networks['system'] }}/{{ masks['system'] }}
+    Allow from 127.0.0.1
+    Allow from ::1
+    Deny from all
+  </Location>
diff --git a/etc/networks.j2 b/etc/networks.j2
@@ -0,0 +1,6 @@
+default 0.0.0.0
+loopback 127.0.0.0
+link-local 169.254.0.0
+{% for net in networks %}
+{{ net }} {{ networks[net] }}
+{% endfor %}
diff --git a/etc/shorewall/rules.d/root.j2 b/etc/shorewall/rules.d/root.j2
@@ -6,3 +6,4 @@ ACCEPT     sys           $FW       tcp       514
 # ganglia
 ACCEPT     sys           $FW       udp      8649
 ACCEPT     sys           $FW       tcp      8649
+ACCEPT     sys           $FW       tcp      80
diff --git a/ganglia.yml b/ganglia.yml
@@ -3,6 +3,7 @@
 
   vars_files:
     - ganglia_vars.yml
+    - networks.yml
 
   tasks:
   - name: Install ganglia
@@ -61,6 +62,16 @@
                state=true
                persistent=yes
 
+#  - name: Put HTTP in permissive mode
+#    command: /usr/sbin/semanage permissive -a httpd_t
+
+  - name: Allow networks
+    template: src=etc/httpd/conf.d/ganglia.conf.j2
+              dest=/etc/httpd/conf.d/ganglia.conf
+              owner=root
+              group=root
+              mode=0644
+
   - name: Restart HTTP
     service: name=httpd
              state=restarted

diff --git a/ganglia_vars.yml b/ganglia_vars.yml
@@ -4,4 +4,4 @@
 # mcast_dev: eth0
 
 cluster_name: root
-
+allow_from: system
diff --git a/network.yml b/network.yml
diff --git a/networks.yml b/networks.yml
@@ -0,0 +1,12 @@
+---
+networks:
+  bmc: 10.0.0.0
+  system: 10.1.0.0
+  storage: 10.2.0.0
+  mpi: 10.3.0.0
+
+masks:
+  system: 255.255.0.0
+
+broadcasts:
+  system: 10.1.255.255
diff --git a/ntp_server.yml b/ntp_server.yml
@@ -4,7 +4,7 @@
 - hosts: all
 
   vars_files:
-    - network.yml
+    - networks.yml
 
   tasks:
     - name: Install NTP Server
@@ -13,9 +13,9 @@
     - name: Setup NTP Server
       lineinfile: dest=/etc/ntp.conf
                   state=present
-                  regexp="broadcast ${network_system_bcast} autokey version 4"
+                  regexp="^broadcast .* autokey version 4"
                   insertafter="# broadcast server"
-                  line="broadcast ${network_system_bcast} autokey version 4"
+                  line="broadcast ${broadcasts['system']} autokey version 4"
                   # backup=yes
       notify:
         - restart ntpd
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,4 +4,4 @@
		# mcast_dev: eth0

		cluster_name: root

		allow_from: system