If you are not familiar with modules, check out Ansible - Getting Started with Modules.
AVOID TROUBLE
Modifying the state of SELinux can only be done by root or by a user or group that has been granted sudo permission. Refer to Ansible - become (sudo) for the steps on how to grant a user or group become (sudo) permission.
The selinux module is used to enable or disable SELinux on managed nodes (e.g. the target systems). In this example, SELinux is set to enforcing (enabled).
---
- hosts: all
  remote_user: root
  tasks:
    - name: set SELinux to enforcing
      selinux:
        policy: targeted
        state: enforcing
...
In this example, SELinux is set to permissive (the policy is loaded and violations are logged, but nothing is blocked).
---
- hosts: all
  remote_user: root
  tasks:
    - name: set SELinux to permissive
      selinux:
        policy: targeted
        state: permissive
...
And in this example, SELinux is disabled.
---
- hosts: all
  remote_user: root
  tasks:
    - name: set SELinux to disabled
      selinux:
        state: disabled
...
Or, the following parameters can be used to set a file or directory to have a certain SELinux user, role, type, or level.
A reboot is required for this change to take effect, so you may want to use the reboot module to reboot the managed node after changing the SELinux state.
---
- hosts: all
  remote_user: root
  tasks:
    - name: reboot OS
      reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami
...