39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
|
# roles/dhcp/tasks/apparmor-fix.yml
|
||
|
|
# This playbook adds an AppArmor policy rule that allows the dhcpd process to
|
||
|
|
# acces temporary config files copied to the server by Ansible.
|
||
|
|
---
|
||
|
|
|
||
|
|
- name: AppArmor fix | Check if policy file exists
|
||
|
|
stat:
|
||
|
|
path: "{{ dhcp_apparmor_policy }}"
|
||
|
|
register: apparmor_policyfile
|
||
|
|
tags: dhcp
|
||
|
|
|
||
|
|
- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (1/2)
|
||
|
|
lineinfile:
|
||
|
|
dest: "{{ dhcp_apparmor_policy }}"
|
||
|
|
line: ' capability dac_override,'
|
||
|
|
insertafter: ' capability setuid,'
|
||
|
|
state: present
|
||
|
|
create: false
|
||
|
|
when: apparmor_policyfile.stat.exists
|
||
|
|
failed_when: false
|
||
|
|
notify: restart apparmor
|
||
|
|
tags: dhcp
|
||
|
|
|
||
|
|
- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (2/2)
|
||
|
|
lineinfile:
|
||
|
|
dest: "{{ dhcp_apparmor_policy }}"
|
||
|
|
line: ' /home/*/.ansible/** r,'
|
||
|
|
insertbefore: '.*/etc/dhcp/ r,'
|
||
|
|
state: present
|
||
|
|
create: false
|
||
|
|
when: apparmor_policyfile.stat.exists
|
||
|
|
failed_when: false
|
||
|
|
#register: apparmor_fix_2
|
||
|
|
notify: restart apparmor
|
||
|
|
tags: dhcp
|
||
|
|
|
||
|
|
- name: AppArmor fix | Force running handlers now
|
||
|
|
meta: flush_handlers
|