From 4f98f08ffa53425ab474e53c22c572d14c91a47d Mon Sep 17 00:00:00 2001 From: pengdake <19921207pq@gmail.com> Date: Wed, 31 Jan 2018 21:41:41 +0800 Subject: [PATCH] Update task about selinux set. 1.Fix the invalid value about selinux policy 2.Update description of task about selinux.The permissive mode need enable selinux.The parameter named "disable_selinux" is not good. In order to customize selinux modes, we need a new parameter named "selinux_state". Closes-Bug: #1749046 Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4 --- ansible/roles/baremetal/defaults/main.yml | 4 +++- ansible/roles/baremetal/tasks/post-install.yml | 8 ++++---- .../notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml | 6 ++++++ 3 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml index 62584c8b20..aff8ccfe5f 100644 --- a/ansible/roles/baremetal/defaults/main.yml +++ b/ansible/roles/baremetal/defaults/main.yml @@ -12,7 +12,9 @@ create_kolla_user: True enable_host_ntp: True -disable_selinux: True +change_selinux: True + +selinux_state: "permissive" docker_storage_driver: "" diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index 63b8a3a8fa..2a19455d5a 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -115,13 +115,13 @@ - ansible_os_family == "RedHat" - enable_host_ntp | bool -- name: Disable selinux +- name: Change state of selinux selinux: - policy: target - state: permissive + policy: targeted + state: "{{ selinux_state }}" become: true when: - - disable_selinux | bool + - change_selinux | bool - ansible_os_family == "RedHat" - name: Reboot 
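Review bot: Renaming `disable_selinux` to `change_selinux` in defaults/main.yml silently drops existing operator overrides, as far as these hunks show. A deployment that sets `disable_selinux: False` to keep its hosts enforcing is no longer consulted, and with the new defaults (`change_selinux: True`, `selinux_state: "permissive"`) the `when:` in tasks/post-install.yml would switch those hosts to permissive the next time the role runs. Honouring the old name for a deprecation period avoids that, for example `change_selinux: "{{ disable_selinux | default(True) }}"`. A comment above `selinux_state` listing the values the selinux module accepts (`enforcing`, `permissive`, `disabled`), and noting that `permissive` only logs policy violations, would help operators choose deliberately.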
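Review bot: A switch to or from `disabled` only takes effect after a reboot, and the task that now takes `state: "{{ selinux_state }}"` in tasks/post-install.yml neither records nor documents that. The `Reboot` task that follows is cut off at the end of the hunk, so whether its condition covers this case cannot be seen here and is worth confirming. I would add a comment above the task such as `# selinux_state: enforcing | permissive | disabled; a switch to or from disabled needs a reboot`. Adding `register: selinux_result` would also let a later task act on the module's outcome.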
diff --git a/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
new file mode 100644
index 0000000000..6a4ec5a43c
--- /dev/null
+++ b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Add a new parameter for changing selinux state. The default value is
+ "permissive". Update a parameter named "disable_selinux", use
+ "change_selinux" instead of it.