ceph-nfs: apply selinux fix anyway

Because ansible_distribution_version doesn't return minor version on CentOS with ansible 2.8 we can apply the selinux anyway but only for CentOS/RHEL 7. Starting RHEL 8, there's a dedicated package for selinux called nfs-ganesha-selinux [1]. Also replace the command module + semanage by the selinux_permissive module. [1] https://github.com/nfs-ganesha/nfs-ganesha/commit/a7911f Signed-off-by: Dimitri Savineau <dsavinea@redhat.com> (cherry picked from commit 0ee833432e)
2019-04-18 10:02:12 -04:00 · 2019-04-18 10:02:12 -04:00 · 6e917da52a
parent 78ce0aa0b5
commit 6e917da52a
2 changed files with 22 additions and 20 deletions
--- a/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
+++ b/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
@ -6,25 +6,28 @@
  failed_when: false
  check_mode: no

- name: install policycoreutils-python to get semanage
+- name: if selinux is not disable
+  when: selinuxstatus.stdout != 'Disabled'
+  block:
+    - name: install policycoreutils-python
      package:
        name: policycoreutils-python
        state: present
      register: result
      until: result is succeeded
-  when: selinuxstatus.stdout != 'Disabled'
+      when: ansible_distribution_major_version == '7'

- name: test if ganesha_t is already permissive
-  shell: |
-    semanage permissive -l | grep -soq ganesha_t
-  changed_when: false
+    - name: add ganesha_t to permissive domain
+      selinux_permissive:
+        name: ganesha_t
+        permissive: true
      failed_when: false
-  register: ganesha_t_permissive
+      when: ansible_distribution_major_version == '7'

- name: run semanage permissive -a ganesha_t
-  command: semanage permissive -a ganesha_t
-  changed_when: false
-  failed_when: false
-  when:
-    - selinuxstatus.stdout != 'Disabled'
-    - ganesha_t_permissive.rc != 0
+    - name: install nfs-ganesha-selinux on RHEL 8
+      package:
+        name: nfs-ganesha-selinux
+        state: present
+      register: result
+      until: result is succeeded
+      when: ansible_distribution_major_version == '8'
--- a/roles/ceph-nfs/tasks/main.yml
+++ b/roles/ceph-nfs/tasks/main.yml
@ -24,7 +24,6 @@
  when:
    - not containerized_deployment
    - ansible_os_family == 'RedHat'
-    - ansible_distribution_version >= '7.4'

 - name: include start_nfs.yml
  import_tasks: start_nfs.yml