Ansible - selinux module

If you are not familiar with modules, check out Ansible - Getting Started with Modules.

AVOID TROUBLE

Modifying the state of SELinux can only be done by root or by a user or group that has been granted sudo permission. Refer to Ansible - become (sudo) for the steps on how to grant a user or group become (sudo) permission.

The selinux module is used to enable or disable SELinux on managed nodes (e.g. the target systems). In this example, SELinux is set to enforcing (enabled).

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to enforcing
    selinux:
      policy: targeted
      state: enforcing
...

 

In this example, SELinux is set to permissive (the targeted policy is loaded and violations are logged, but not enforced).

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to permissive
    selinux:
      policy: targeted
      state: permissive
...

 

And in this example, SELinux is disabled.

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to disabled
    selinux:
      state: disabled
...

 

Or, the following parameters can be used to set a file or directory to have a certain SELinux user, role, type, or level.

 

A reboot is required for this change to take effect, so you may want to use the reboot module to reboot the managed node after changing the SELinux state.

---
- hosts: all
  remote_user: root
  tasks:
    - name: reboot OS
      reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami
...

 




Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net