openstack
/
validations-common
Code Issues Proposed changes
validations-common/validations_common/roles/check_selinux_mode/tasks/main.yml

30 lines
941 B
YAML
Raw Blame History

---
- name: Get current SELinux mode
command: getenforce
become: true
register: sestatus
changed_when: false
when:
- "ansible_os_family is defined and ansible_os_family == 'RedHat'"
- name: Check sestatus
block:
- name: Fail if SELinux is not in Enforced mode (RHEL)
fail:
msg: >-
SELinux is running in {{ sestatus.stdout }} mode on the Undercloud.
Ensure that SELinux is enabled and running in Enforcing mode.
when:
- "sestatus.stdout != 'Enforcing'"
- "ansible_distribution == 'RedHat'"
- name: Warn if SELinux is not in Enforced mode (CentOS)
warn:
msg: >-
SELinux is running in {{ sestatus.stdout }} mode on the Undercloud.
Ensure that SELinux is enabled and running in Enforcing mode.
when:
- "sestatus.stdout != 'Enforcing'"
- "ansible_distribution == 'CentOS'"
when: sestatus.stdout is defined
View Git Blame Copy Permalink