Update task about selinux set.

1.Fix the invalid value about selinux policy 2.Update description of task about selinux.The permissive mode need enable selinux.The parameter named "disable_selinux" is not good. In order to customize selinux modes, we need a new parameter named "selinux_state". Closes-Bug: #1749046 Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
2018-01-31 21:41:41 +08:00 · 2018-01-31 21:41:41 +08:00 · 4f98f08ffa
parent 437d232dc4
commit 4f98f08ffa
3 changed files with 13 additions and 5 deletions
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@ -12,7 +12,9 @@ create_kolla_user: True

 enable_host_ntp: True

-disable_selinux: True
+change_selinux: True
+
+selinux_state: "permissive"

 docker_storage_driver: ""

--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -115,13 +115,13 @@
    - ansible_os_family == "RedHat"
    - enable_host_ntp | bool

- name: Disable selinux
+- name: Change state of selinux
  selinux:
-    policy: target
-    state: permissive
+    policy: targeted
+    state: "{{ selinux_state }}"
  become: true
  when:
-    - disable_selinux | bool
+    - change_selinux | bool
    - ansible_os_family == "RedHat"

 - name: Reboot
--- a/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
+++ b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add a new parameter for changing selinux state. The default value is
+    "permissive". Update a parameter named "disable_selinux", use
+    "change_selinux" instead of it.