f5d026badb
This change bumps up the maximum supported Ansible version to 10.x (ansible-core 2.17.x) and minimum to 9.x. This synchronises Kayobe with Kolla Ansible. Change-Id: Idfbf0eed0b2333d550f822e40a0d96ae227f6159
57 lines
1.7 KiB
YAML
57 lines
1.7 KiB
YAML
---
|
|
- name: Ensure required packages are installed
|
|
package:
|
|
name: python3-libselinux
|
|
state: present
|
|
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
|
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
|
|
become: True
|
|
|
|
- name: Check if SELinux configuration file exists
|
|
stat:
|
|
path: /etc/selinux/config
|
|
register: stat_result
|
|
|
|
- name: Ensure desired SELinux state
|
|
selinux:
|
|
policy: "{{ selinux_policy }}"
|
|
state: "{{ selinux_state }}"
|
|
register: selinux_result
|
|
vars:
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
become: True
|
|
when: stat_result.stat.exists
|
|
|
|
- block:
|
|
- name: Abort SELinux configuration because reboot is disabled
|
|
fail:
|
|
msg: >
|
|
SELinux state change requires a reboot, but selinux_do_reboot is
|
|
false. Please run again with selinux_do_reboot set to true to reboot.
|
|
when:
|
|
- not selinux_do_reboot | bool
|
|
|
|
- block:
|
|
- name: Set a fact to determine whether we are running locally
|
|
set_fact:
|
|
is_local: "{{ lookup('pipe', 'hostname') in [ansible_facts.hostname, ansible_facts.nodename] }}"
|
|
|
|
- name: Reboot the system to apply SELinux changes (local)
|
|
command: shutdown -r now "Applying SELinux changes"
|
|
become: True
|
|
when:
|
|
- is_local | bool
|
|
|
|
- name: Reboot the machine to apply SELinux
|
|
reboot:
|
|
reboot_timeout: "{{ selinux_reboot_timeout }}"
|
|
msg: Applying SELinux changes
|
|
become: true
|
|
when:
|
|
- not is_local | bool
|
|
when:
|
|
- selinux_do_reboot | bool
|
|
when:
|
|
- stat_result.stat.exists
|
|
- selinux_result.reboot_required
|