Commit 466e1bb3 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal
Browse files

add sefcontext, restorecon and separate file permissions for script, update...

add sefcontext, restorecon and separate file permissions for script, update service template (type forking, comment)
parent 35fb11c3
......@@ -3,16 +3,27 @@
src: "handle-server.service.j2"
dest: "/etc/systemd/system/handle-server.service"
- name: "allow selinux context for systemd for start-handle-server script"
- name: "set startup_script path"
set_facts:
handle_startup_script_path: "{{ build_dir }}/bin/start-handle-server"
- name: "set permissions for startup script"
file:
path: "{{ build_dir }}/bin/start-handle-server"
serole: "system_r"
setype: "init_t"
seuser: "system_u"
path: "{{ handle_startup_script_path }}"
owner: "root"
group: "{{ clarin_dspace_tomcat_user }}"
mode: "0554"
- name: "allow selinux context for systemd for start-handle-server script"
sefcontext:
target: "{{ handle_startup_script_path }}"
serole: "system_r"
setype: "init_t"
seuser: "system_u"
- name: "restorecon on handleserver start script"
shell: "restorecon {{ handle_startup_script_path }}"
- name: "enable and start handle service"
systemd:
name: "handle-server"
......
Systemd Unit file for Handle Service used by DSpace
# Systemd Unit file for Handle Service used by DSpace
# retrieved and edited from https://gist.github.com/cwilper/cd1fe3525edba1cc7a32340327a359ed
# On hosts that use systemd, like RHEL7, this can be used to auto-start
# the handle service and provide the familiar "servicectl start|status|stop"
......@@ -34,8 +34,8 @@ Description=Handle Service
After=syslog.target network.target
[Service]
Type=simple
ExecStart={{ build_dir }}/bin/start-handle-server && /usr/bin/fg
Type=forking
ExecStart={{ build_dir }}/bin/start-handle-server
ExecStop=/bin/kill $MAINPID
User={{ dspace_clarin_handle_user | default('tomcat') }}
Group={{ dspace_clarin_handle_group | default('tomcat') }}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment