From 17282f8d60c2bc3e2336b473b69b5046fa8a8b29 Mon Sep 17 00:00:00 2001
From: "Chandan Kumar (raukadah)" <chkumar@redhat.com>
Date: Mon, 16 Dec 2019 14:05:38 +0530
Subject: [PATCH] Use osp_release flag to set selinux mode

In Upstream and rdo-cloud tripleo ci jobs on RHEL & CentOS, we
use selinux mode to permissive but currently it is harded for
CentOS only.

In Downstream jobs, we use enforcing mode. So instead of depending
upon ansible_distribution, we can rely on osp_release to toggle
selinux mode and will work for both centOS and RHEL.

Related-Bug: 1853028

Change-Id: I6a6449777ea28198002b8c028a345ab16b733901
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
---
 roles/overcloud-deploy/defaults/main.yml  | 6 +++---
 roles/undercloud-deploy/defaults/main.yml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/roles/overcloud-deploy/defaults/main.yml b/roles/overcloud-deploy/defaults/main.yml
index e67b011d8..3c807df77 100644
--- a/roles/overcloud-deploy/defaults/main.yml
+++ b/roles/overcloud-deploy/defaults/main.yml
@@ -183,8 +183,8 @@ resource_registry_args:
 
 # We disable selinux when running under CentOS. It's enabled for RHEL
 overcloud_selinux_enabled: >-
-   {% if ansible_distribution == 'CentOS' -%}
-   permissive
-   {%- else -%}
+   {% if osp_release is defined -%}
    enforcing
+   {%- else -%}
+   permissive
    {%- endif -%}
diff --git a/roles/undercloud-deploy/defaults/main.yml b/roles/undercloud-deploy/defaults/main.yml
index d40c6bac6..bf4935784 100644
--- a/roles/undercloud-deploy/defaults/main.yml
+++ b/roles/undercloud-deploy/defaults/main.yml
@@ -85,10 +85,10 @@ default_undercloud_roles_data_path: "{{ undercloud_templates_path }}/roles_data_
 
 # We disable selinux when running under CentOS. It's enabled for RHEL
 undercloud_selinux_enabled: >-
-   {% if ansible_distribution == 'CentOS' -%}
-   false
-   {%- else -%}
+   {% if osp_release is defined -%}
    true
+   {%- else -%}
+   false
    {%- endif -%}
 
 undercloud_container_cli: >-