Add new SELinux validation check
As the default SELinux mode for CentOS is Permissive, we only warn (not fail) if SELinux is not running in Enforcing mode on CentOS. Change-Id: Id991b39a062b4962355b682c175fe92e8f92e0bb Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
parent
13c108aab6
commit
c6e62ac7bf
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
New validation to check for the SELinux Enforcing mode on the Undercloud.
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
- hosts: undercloud
|
||||
vars:
|
||||
metadata:
|
||||
name: Undercloud SELinux Enforcing Mode Check
|
||||
description: >
|
||||
Check if the Undercloud is running SELinux in Enforcing mode.
|
||||
groups:
|
||||
- prep
|
||||
- pre-introspection
|
||||
tasks:
|
||||
- name: Get current SELinux mode
|
||||
command: getenforce
|
||||
become: true
|
||||
register: sestatus
|
||||
changed_when: False
|
||||
|
||||
- name: Fail if SELinux is not in Enforced mode (RHEL)
|
||||
fail:
|
||||
msg: >-
|
||||
SELinux is running in {{ sestatus.stdout }} mode on the Undercloud.
|
||||
Ensure that SELinux is enabled and running in Enforcing mode.
|
||||
when:
|
||||
- "sestatus.stdout != 'Enforcing'"
|
||||
- "ansible_distribution == 'RedHat'"
|
||||
|
||||
- name: Warn if SELinux is not in Enforced mode (CentOS)
|
||||
warn:
|
||||
msg: >-
|
||||
SELinux is running in {{ sestatus.stdout }} mode on the Undercloud.
|
||||
Ensure that SELinux is enabled and running in Enforcing mode.
|
||||
when:
|
||||
- "sestatus.stdout != 'Enforcing'"
|
||||
- "ansible_distribution == 'CentOS'"
|
||||
|
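Review bot: The two `when` lists match only `ansible_distribution == 'RedHat'` and `ansible_distribution == 'CentOS'`, so on any other distribution a Permissive or Disabled result from `getenforce` triggers neither the fail nor the warn task and the validation passes silently. Making the warn task the fallback, `- "ansible_distribution != 'RedHat'"`, would keep the CentOS behaviour described in the commit message and still surface the result elsewhere. `getenforce` reports only the running mode, so a host switched to Enforcing at runtime but configured otherwise in /etc/selinux/config would pass until the next reboot. A comment above the first task such as `# Checks the runtime mode only, not the persisted configuration` would make that limit explicit. `getenforce` normally needs no privileges, so `become: true` on that task looks unnecessary.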