Ansible - SELinux module


If you are not familiar with modules, check out Ansible - Getting Started with Modules.

AVOID TROUBLE

Modifying the state of SELinux can only be done by root or by a user or group that has been granted sudo permission. Refer to Ansible - become (sudo) for the steps on how to grant a user or group become (sudo) permission.

The selinux module is used to enable or disable SELinux on managed nodes (i.e. the target systems). In this example, SELinux is set to enforcing (enabled).

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to enforcing
    selinux:
      policy: targeted
      state: enforcing
...

In this example, SELinux is set to permissive (the policy is loaded and denials are logged, but not enforced).

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to permissive
    selinux:
      policy: targeted
      state: permissive
...

And in this example, SELinux is disabled.

---
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to disabled
    selinux:
      state: disabled
...

Or, the following parameters can be used to set a file or directory to have a certain SELinux user, role, type, or level.

A reboot is required for this change to take effect, so you may want to use the reboot module to reboot the managed node after changing the SELinux state.

---
- hosts: all
  remote_user: root
  tasks:
    - name: reboot OS
      reboot:
        msg: "Reboot initiated by Ansible"
        connect_timeout: 5
        reboot_timeout: 600
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: whoami
...
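
The two steps above combined into one playbook, as an added example that is not part of the original article: it sets SELinux to enforcing, reboots only when the selinux module's reboot_required return value is true, and then checks the running mode with getenforce. The registered variable names selinux_result and getenforce_out are assumptions chosen for this example.

```yaml
---
# Added example: enforce SELinux, reboot only when needed, then verify.
- hosts: all
  remote_user: root
  tasks:
  - name: set SELinux to enforcing
    selinux:
      policy: targeted
      state: enforcing
    register: selinux_result      # hypothetical variable name

  # The selinux module reports whether the change needs a reboot
  # (for example when moving from disabled to enforcing).
  - name: reboot only if the state change requires it
    reboot:
      msg: "Reboot initiated by Ansible"
      reboot_timeout: 600
      post_reboot_delay: 30
      test_command: whoami
    when: selinux_result.reboot_required

  # getenforce prints the mode the kernel is running in right now,
  # which can differ from what /etc/selinux/config requests.
  - name: read the running SELinux mode
    command: getenforce
    register: getenforce_out      # hypothetical variable name
    changed_when: false

  - name: fail the play if the node is not enforcing
    assert:
      that:
        - getenforce_out.stdout == "Enforcing"
      fail_msg: "SELinux is {{ getenforce_out.stdout }}, expected Enforcing"
...
```

The final assert makes a node that silently stayed permissive or disabled show up as a failed host in the play recap instead of passing unnoticed.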

 



