add packages needed for selinux setup

[hajaalin]

The packages I added are listed in
https://github.com/openmicroscopy/infrastructure/blob/master/ansible/roles/omero-server/tasks/ansible-prerequisites.yml
but that is included only after omero-web-runtime role is included as a dependency in
https://github.com/openmicroscopy/infrastructure/blob/master/ansible/roles/omero-server/meta/main.yml.

I tested like this:
ansible-playbook -i omero-deploy/inventory/dev infrastructure/ansible/training-server.yml
with
omero_selinux_setup: True

With omero_selinux_setup: False nginx is not allowed to connect to OMERO-web at port 4080. This is on a Vagrant box centos/7.

[manics]

Hi @hajaalin

Thanks for your PR! We're part-way through decoupling the deployment of OMERO.web from OMERO.server, it looks like the duplication of the selinux tasks originates from #105. I'll discuss with the rest of the team how best to fix this.

[manics]

@openmicroscopy/devops We should've picked this up with our Vagrantfile :-(

[manics]

@hajaalin I've cherry-picked your first commit into #124 since I required it for testing some of my other changes.

I'll leave 4e92796 unmerged for now, see the followup comments on #127 (comment)

[joshmoore]

@hajaalin : let us know when you want this to be reviewed again.

[hajaalin]

@joshmoore : you can review it when you have time. It seems to work for me.

[joshmoore]

Hi @hajaalin. Thanks again for this. We had a chance to go through your changes today. A couple of points:

• Our fault for not having a style-guide in place, but we're trying to move toward the long-form (more yaml-like) rather than the short-form (a=b style on a single line). It makes reading the diff much easier.
• How has your experience been with the restart handlers? We're struggling with them ourselves especially with regard to error conditions (i.e. will handlers run if a task fails?).

We're going to need some time from our side to have a solid proposal on the handlers front. If you'd like to split out just the trust store tasks, we'd like to go ahead and get that integrated. Alternatively, if you'd like to be more independent of us (at least initially) this likely could be it's own role. We're (very) slowly but surely going to break the roles out of this repo and move them to http://galaxy.ansible.com. Happy to hear your thoughts on that.

All the best, ~Josh.

[manics]

@hajaalin I've just been through your Java trust store commit 0bda404. If I understand correctly it isn't OMERO specific, and could in fact be used by any Java application that requires a trust store. I think it would therefore be a good candidate for being made into an independent role- e.g. on Ansible Galaxy, where it could potentially be of use to many others instead of just OMERO sysadmins. Is this something you'd like to do?

[hajaalin]

@manics Sorry for slow reply, holidays and such... Anyway, here's an attempt: https://galaxy.ansible.com/hajaalin/truststore/. I didn't try it with OMERO yet, but at least it passes some basic tests.

[joshmoore]

Nice, @hajaalin. We're nearly ready to swap over to using galaxy ourselves (gh-239). Do let us know if you have any issues using all the roles together. Closing this in favor of your repo.