Run selinux playbook on seed hypervisor

Change-Id: Iec0b9cd24eda4fc0fc38003dea66c50ece7425b6

ansible/seed-hypervisor-host-configure.yml

@@ -9,6 +9,7 @@
 - import_playbook: "wipe-disks.yml"
 - import_playbook: "users.yml"
 - import_playbook: "dev-tools.yml"
+- import_playbook: "selinux.yml"
 - import_playbook: "network.yml"
 - import_playbook: "firewall.yml"
 - import_playbook: "tuned.yml"

ansible/selinux.yml

@@ -1,6 +1,6 @@
 ---
 - name: Configure SELinux state and reboot if required
-  hosts: seed:overcloud:infra-vms
+  hosts: seed:seed-hypervisor:overcloud:infra-vms
   tags:
     - selinux
   roles:

playbooks/kayobe-infra-vm-base/pre.yml

@@ -32,12 +32,6 @@
         value: 1
       become: true
 
-    - name: Ensure SELinux is disabled
-      selinux:
-        state: disabled
-      become: True
-      when: ansible_os_family in ['RedHat', 'Rocky']
-
     # NOTE(mgoddard): Use the name zz-overrides.yml to ensure this takes
     # precedence over the standard config files.
     - name: Ensure kayobe-config override config file exists

playbooks/kayobe-seed-vm-base/pre.yml

@@ -32,12 +32,6 @@
         value: 1
       become: true
 
-    - name: Ensure SELinux is disabled
-      selinux:
-        state: disabled
-      become: True
-      when: ansible_os_family in ['RedHat', 'Rocky']
-
     # NOTE(mgoddard): Use the name zz-overrides.yml to ensure this takes
     # precedence over the standard config files.
     - name: Ensure kayobe-config override config file exists

releasenotes/notes/selinux-seed-hypervisor-40c74b625ea93a7e.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Kayobe now configures SELinux on the seed hypervisor. The default is to set
+    SELinux to ``permissive``.
+fixes:
+  - |
+    Configures SELinux to ``permissive`` on the seed hypervisor, which fixes
+    permission issues when provisioning seed or infra VMs.