diff --git a/inventory/inventory b/inventory/inventory
index fab83e1..d17b02b 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -6,6 +6,7 @@ localhost
 [docker]
 docker0 ansible_user=ansible
+rhel0 ansible_user=ansible
 [aws]
 aws ansible_user=ubuntu
diff --git a/manifests/pihole/values.yaml b/manifests/pihole/values.yaml
index 0311c5a..36bf7ad 100644
--- a/manifests/pihole/values.yaml
+++ b/manifests/pihole/values.yaml
@@ -354,6 +354,7 @@ dnsmasq:
 - 192.168.0.113 node4
 - 192.168.0.114 node5
 - 192.168.0.115 node6
+ - 192.168.0.103 rhel0
 # -- Static DHCP config
 staticDhcpEntries: []
diff --git a/roles/github_runner/tasks/configure_runner.yml b/roles/github_runner/tasks/configure_runner.yml
index 017c875..7adb505 100644
--- a/roles/github_runner/tasks/configure_runner.yml
+++ b/roles/github_runner/tasks/configure_runner.yml
@@ -1,4 +1,26 @@
 ---
+- name: add a policy to allow service to run with selinux
+ ansible.builtin.shell: |
+ ausearch -c '.NET DebugPipe' --raw | audit2allow -M my-NETDebugPipe
+ semodule -X 300 -i my-NETDebugPipe.pp
+ ausearch -c 'runsvc.sh' --raw | audit2allow -M my-runsvcsh
+ semodule -X 300 -i my-runsvcsh.pp
+ ausearch -c 'Runner.Listener' --raw | audit2allow -M my-RunnerListener
+ semodule -i my-RunnerListener.pp
+ ausearch -c 'node' --raw | audit2allow -M my-node
+ semodule -X 300 -i my-node.pp
+ setsebool -P domain_can_mmap_files 1
+ ausearch -c '(unsvc.sh)' --raw | audit2allow -M my-unsvcsh
+ semodule -X 300 -i my-unsvcsh.pp
+ setsebool -P nis_enabled 1
+ ausearch -c '.NET TP Worker' --raw | audit2allow -M my-NETTPWorker
+ semodule -X 300 -i my-NETTPWorker.pp
+ restorecon -Rv /
+ args:
+ chdir: actions_runner
+ become: true
+ when: ansible_os_family == "RedHat"
+
 - name: configure action runner on machine
 ansible.builtin.shell: >
 ./config.sh --unattended --url {{repository}} --token {{token}} --replace
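Review bot: The new `add a policy to allow service to run with selinux` task generates policy on the target from its own audit log (`ausearch -c … --raw | audit2allow -M …`), so every denial logged for those command names, including the generic `node`, becomes a permanent allow rule that nobody has read, and the result differs from host to host. On a host where the runner has not yet been denied anything the pipeline has no input, and because the script has no `set -e` the task reports only the exit status of the final `restorecon -Rv /`, which also relabels the whole filesystem on every run. `setsebool -P domain_can_mmap_files 1` and `setsebool -P nis_enabled 1` are system-wide booleans that relax policy well beyond the runner, so each should be justified or dropped. I would commit reviewed `.te` sources with the role, load the built modules explicitly, and set booleans through `ansible.posix.seboolean`, roughly as below (variable names are placeholders). Separately, `semodule -i my-RunnerListener.pp` omits the `-X 300` used on the other lines, and `'(unsvc.sh)'` looks like a truncated process name.

```yaml
# … replaces the ausearch | audit2allow pipeline; module sources are reviewed and committed with the role …
- name: load reviewed selinux modules for the runner
  ansible.builtin.command: semodule -X 300 -i {{ item }}
  loop: "{{ runner_selinux_modules }}"  # placeholder: paths to .pp files built from committed .te sources
  become: true
  when: ansible_os_family == "RedHat"

- name: set the selinux booleans the runner needs
  ansible.posix.seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  loop: "{{ runner_selinux_booleans }}"  # placeholder: only booleans shown to be required
  become: true
  when: ansible_os_family == "RedHat"
```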
diff --git a/roles/github_runner/tasks/install_runner.yml b/roles/github_runner/tasks/install_runner.yml
index 4904828..2b701e3 100644
--- a/roles/github_runner/tasks/install_runner.yml
+++ b/roles/github_runner/tasks/install_runner.yml
@@ -9,6 +9,7 @@
 url: "https://github.com/actions/runner/releases/download/v{{runner_version}}/actions-runner-linux-x64-{{runner_version}}.tar.gz"
 dest: "actions_runner/actions_runner.tar.gz"
 mode: '0755'
+ timeout: 15
 - name: unpack compressed actions_runner
 ansible.builtin.unarchive:
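Review bot: The download task that gains `timeout: 15` still fetches the runner tarball without a `checksum:`, so the archive unpacked by the next task is trusted on TLS alone; since the task is being touched anyway, pin the digest with `checksum: "sha256:{{ runner_sha256 }}"` (placeholder variable, set per `runner_version` from the digest published with the release). `mode: '0755'` on a `.tar.gz` is also broader than needed; `'0644'` is enough for an archive. The task's `name:` and module line are outside the hunk, so this assumes it is `ansible.builtin.get_url`.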