ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ceph-osd: Set selinux to permissive 

Currently we don't yet support runnings OSDs w/ selinux in
enforcing mode. Thus its better to ensure that ceph-ansible
explicitly makes selinux permissive. This should help in
scenarios such as hyperconverged where OSDs are colocated
with VMs on compute nodes which needs selinux enforcing, but
OSDs don't.

Signed-off-by: Deepak C Shetty <deepakcs@redhat.com>
pull/619/head
Deepak C Shetty 2016-03-11 09:25:25 +00:00
parent 1a62a81006
commit 2b908ed8cf
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
roles/ceph-osd/tasks/activate_osds.yml
View File

@ -41,6 +41,16 @@
- include: osd_fragment.yml - include: osd_fragment.yml
when: crush_location when: crush_location
- name: set selinux to permissive and make it persistent
selinux:
policy: targeted
state: permissive
when:
ansible_selinux != false and
ansible_selinux['status'] == 'enabled' and
ansible_selinux['config_mode'] != 'disabled' and
not is_ceph_infernalis
- name: start and add that the osd service(s) to the init sequence (before infernalis) - name: start and add that the osd service(s) to the init sequence (before infernalis)
service: service:
name: ceph name: ceph