mirror of https://github.com/ceph/ceph-ansible.git
ceph-nfs: apply selinux fix anyway
Because ansible_distribution_version doesn't return minor version on CentOS with ansible 2.8 we can apply the selinux anyway but only for CentOS/RHEL 7. Starting RHEL 8, there's a dedicated package for selinux called nfs-ganesha-selinux [1]. Also replace the command module + semanage by the selinux_permissive module. [1] https://github.com/nfs-ganesha/nfs-ganesha/commit/a7911f Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>pull/4013/head
Dimitri Savineau
Guillaume Abrioux
parent
0c7fd79865
commit
0ee833432e
|
|
@ -6,25 +6,28 @@
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
- name: install policycoreutils-python to get semanage
|
- name: if selinux is not disable
|
||||||
package:
|
|
||||||
name: policycoreutils-python
|
|
||||||
state: present
|
|
||||||
register: result
|
|
||||||
until: result is succeeded
|
|
||||||
when: selinuxstatus.stdout != 'Disabled'
|
when: selinuxstatus.stdout != 'Disabled'
|
||||||
|
block:
|
||||||
|
- name: install policycoreutils-python
|
||||||
|
package:
|
||||||
|
name: policycoreutils-python
|
||||||
|
state: present
|
||||||
|
register: result
|
||||||
|
until: result is succeeded
|
||||||
|
when: ansible_distribution_major_version == '7'
|
||||||
|
|
||||||
- name: test if ganesha_t is already permissive
|
- name: add ganesha_t to permissive domain
|
||||||
shell: |
|
selinux_permissive:
|
||||||
semanage permissive -l | grep -soq ganesha_t
|
name: ganesha_t
|
||||||
changed_when: false
|
permissive: true
|
||||||
failed_when: false
|
failed_when: false
|
||||||
register: ganesha_t_permissive
|
when: ansible_distribution_major_version == '7'
|
||||||
|
|
||||||
- name: run semanage permissive -a ganesha_t
|
- name: install nfs-ganesha-selinux on RHEL 8
|
||||||
command: semanage permissive -a ganesha_t
|
package:
|
||||||
changed_when: false
|
name: nfs-ganesha-selinux
|
||||||
failed_when: false
|
state: present
|
||||||
when:
|
register: result
|
||||||
- selinuxstatus.stdout != 'Disabled'
|
until: result is succeeded
|
||||||
- ganesha_t_permissive.rc != 0
|
when: ansible_distribution_major_version == '8'
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@
|
||||||
when:
|
when:
|
||||||
- not containerized_deployment
|
- not containerized_deployment
|
||||||
- ansible_os_family == 'RedHat'
|
- ansible_os_family == 'RedHat'
|
||||||
- ansible_distribution_version >= '7.4'
|
|
||||||
|
|
||||||
- name: include start_nfs.yml
|
- name: include start_nfs.yml
|
||||||
import_tasks: start_nfs.yml
|
import_tasks: start_nfs.yml
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue