github_runner role works on redhat: selinux-fu
parent
2dff4e3921
commit
7a62c14784
@ -6,6 +6,7 @@ localhost
|
|||||||
|
|
||||||
[docker]
|
[docker]
|
||||||
docker0 ansible_user=ansible
|
docker0 ansible_user=ansible
|
||||||
|
rhel0 ansible_user=ansible
|
||||||
|
|
||||||
[aws]
|
[aws]
|
||||||
aws ansible_user=ubuntu
|
aws ansible_user=ubuntu
|
||||||
|
@ -354,6 +354,7 @@ dnsmasq:
|
|||||||
- 192.168.0.113 node4
|
- 192.168.0.113 node4
|
||||||
- 192.168.0.114 node5
|
- 192.168.0.114 node5
|
||||||
- 192.168.0.115 node6
|
- 192.168.0.115 node6
|
||||||
|
- 192.168.0.103 rhel0
|
||||||
|
|
||||||
# -- Static DHCP config
|
# -- Static DHCP config
|
||||||
staticDhcpEntries: []
|
staticDhcpEntries: []
|
||||||
|
@ -1,4 +1,26 @@
|
|||||||
---
|
---
|
||||||
|
- name: add a policy to allow service to run with selinux
|
||||||
|
ansible.builtin.shell: |
|
||||||
|
ausearch -c '.NET DebugPipe' --raw | audit2allow -M my-NETDebugPipe
|
||||||
|
semodule -X 300 -i my-NETDebugPipe.pp
|
||||||
|
ausearch -c 'runsvc.sh' --raw | audit2allow -M my-runsvcsh
|
||||||
|
semodule -X 300 -i my-runsvcsh.pp
|
||||||
|
ausearch -c 'Runner.Listener' --raw | audit2allow -M my-RunnerListener
|
||||||
|
semodule -i my-RunnerListener.pp
|
||||||
|
ausearch -c 'node' --raw | audit2allow -M my-node
|
||||||
|
semodule -X 300 -i my-node.pp
|
||||||
|
setsebool -P domain_can_mmap_files 1
|
||||||
|
ausearch -c '(unsvc.sh)' --raw | audit2allow -M my-unsvcsh
|
||||||
|
semodule -X 300 -i my-unsvcsh.pp
|
||||||
|
setsebool -P nis_enabled 1
|
||||||
|
ausearch -c '.NET TP Worker' --raw | audit2allow -M my-NETTPWorker
|
||||||
|
semodule -X 300 -i my-NETTPWorker.pp
|
||||||
|
restorecon -Rv /
|
||||||
|
args:
|
||||||
|
chdir: actions_runner
|
||||||
|
become: true
|
||||||
|
when: ansible_os_family == "RedHat"
|
||||||
|
|
||||||
- name: configure action runner on machine
|
- name: configure action runner on machine
|
||||||
ansible.builtin.shell: >
|
ansible.builtin.shell: >
|
||||||
./config.sh --unattended --url {{repository}} --token {{token}} --replace
|
./config.sh --unattended --url {{repository}} --token {{token}} --replace
|
||||||
|
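Review bot: The added SELinux task generates its policy modules at run time from whatever AVC denials `ausearch -c ...` finds in the host's audit log and loads them unreviewed, so the rules that end up installed depend on each machine's history and are never pinned in the repository. It would be safer to commit reviewed `.te` sources (or prebuilt `.pp` files) to the role and install exactly those. `setsebool -P domain_can_mmap_files 1` and `setsebool -P nis_enabled 1` are system-wide booleans that relax confinement for every domain, not only the runner, and deserve a comment justifying them or a narrower module rule. The script has no `set -e`, so only the exit status of the final `restorecon -Rv /` decides the task result and a failed `ausearch` or `semodule` goes unnoticed; adding `set -e` as the first script line and a `changed_when:` would make failures and idempotence visible. `semodule -i my-RunnerListener.pp` also omits the `-X 300` priority that the other module installs use.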
@ -9,6 +9,7 @@
|
|||||||
url: "https://github.com/actions/runner/releases/download/v{{runner_version}}/actions-runner-linux-x64-{{runner_version}}.tar.gz"
|
url: "https://github.com/actions/runner/releases/download/v{{runner_version}}/actions-runner-linux-x64-{{runner_version}}.tar.gz"
|
||||||
dest: "actions_runner/actions_runner.tar.gz"
|
dest: "actions_runner/actions_runner.tar.gz"
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
timeout: 15
|
||||||
|
|
||||||
- name: unpack compressed actions_runner
|
- name: unpack compressed actions_runner
|
||||||
ansible.builtin.unarchive:
|
ansible.builtin.unarchive:
|
||||||
|
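Review bot: The download task that gains `timeout: 15` fetches the runner tarball without a `checksum:`, so the archive unpacked by the following `ansible.builtin.unarchive` task is trusted on TLS alone; the task header is above the hunk, and it is presumably `ansible.builtin.get_url`. Adding `checksum: "sha256:{{ runner_sha256 }}"` beside the timeout would pin the artifact, where `runner_sha256` is a placeholder variable to be set per `runner_version` from the hash published with the release. `mode: '0755'` is also wider than an archive that is only read needs; `'0644'` would do.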