Update task about selinux set.

1.Fix the invalid value about selinux policy 2.Update description of task about selinux.The permissive mode need enable selinux.The parameter named "disable_selinux" is not good. In order to customize selinux modes, we need a new parameter named "selinux_state". Closes-Bug: #1749046 Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
2018-01-31 21:41:41 +08:00 · 2018-01-31 21:41:41 +08:00 · 4f98f08ffa
commit 4f98f08ffa
parent 437d232dc4
3 changed files with 13 additions and 5 deletions
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@ -12,7 +12,9 @@ create_kolla_user: True
 enable_host_ntp: True
-disable_selinux: True
+change_selinux: True
 selinux_state: "permissive"
 docker_storage_driver: ""
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -115,13 +115,13 @@
    - ansible_os_family == "RedHat"
    - enable_host_ntp | bool
- name: Disable selinux
+- name: Change state of selinux
  selinux:
-    policy: target
+    policy: targeted
-    state: permissive
+    state: "{{ selinux_state }}"
  become: true
  when:
-    - disable_selinux | bool
+    - change_selinux | bool
    - ansible_os_family == "RedHat"
 - name: Reboot
--- a/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
+++ b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
@ -0,0 +1,6 @@
 ---
 features:
  - |
    Add a new parameter for changing selinux state. The default value is
    "permissive". Update a parameter named "disable_selinux", use
    "change_selinux" instead of it.