Page MenuHomeDevCentral

D3501.id9011.diff
No OneTemporary

D3501.id9011.diff

diff --git a/roles/core/certificates/letsencrypt.sls b/roles/core/certificates/letsencrypt.sls
--- a/roles/core/certificates/letsencrypt.sls
+++ b/roles/core/certificates/letsencrypt.sls
@@ -8,6 +8,7 @@
{% from "map.jinja" import dirs, packages with context %}
{% set has_nginx = salt['node']['has_nginx']() %}
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
# -------------------------------------------------------------
# Software
@@ -26,6 +27,17 @@
- user: root
- dir_mode: 711
+{% if has_selinux %}
+selinux_context_certbot_www:
+ selinux.fcontext_policy_present:
+ - name: /var/letsencrypt-auto
+ - sel_type: httpd_sys_content_t
+
+selinux_context_certbot_www_applied:
+ selinux.fcontext_policy_applied:
+ - name: /var/letsencrypt-auto
+{% endif %}
+
{{ dirs.etc }}/letsencrypt/cli.ini:
file.managed:
- source: salt://roles/core/certificates/files/cli.ini

File Metadata

Mime Type
text/plain
Expires
Mon, Nov 18, 16:31 (21 h, 5 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2250772
Default Alt Text
D3501.id9011.diff (929 B)

Event Timeline