ceph-nfs: apply selinux fix anyway

Because ansible_distribution_version doesn't return minor version on
CentOS with ansible 2.8 we can apply the selinux anyway but only for
CentOS/RHEL 7.
Starting RHEL 8, there's a dedicated package for selinux called
nfs-ganesha-selinux [1].

Also replace the command module + semanage by the selinux_permissive
module.

[1] https://github.com/nfs-ganesha/nfs-ganesha/commit/a7911f

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 0ee833432e)
pull/4016/head
Dimitri Savineau 2019-04-18 10:02:12 -04:00 committed by Guillaume Abrioux
parent 78ce0aa0b5
commit 6e917da52a
2 changed files with 22 additions and 20 deletions

View File

@ -6,25 +6,28 @@
failed_when: false
check_mode: no
- name: install policycoreutils-python to get semanage
package:
name: policycoreutils-python
state: present
register: result
until: result is succeeded
- name: if selinux is not disable
when: selinuxstatus.stdout != 'Disabled'
block:
- name: install policycoreutils-python
package:
name: policycoreutils-python
state: present
register: result
until: result is succeeded
when: ansible_distribution_major_version == '7'
- name: test if ganesha_t is already permissive
shell: |
semanage permissive -l | grep -soq ganesha_t
changed_when: false
failed_when: false
register: ganesha_t_permissive
- name: add ganesha_t to permissive domain
selinux_permissive:
name: ganesha_t
permissive: true
failed_when: false
when: ansible_distribution_major_version == '7'
- name: run semanage permissive -a ganesha_t
command: semanage permissive -a ganesha_t
changed_when: false
failed_when: false
when:
- selinuxstatus.stdout != 'Disabled'
- ganesha_t_permissive.rc != 0
- name: install nfs-ganesha-selinux on RHEL 8
package:
name: nfs-ganesha-selinux
state: present
register: result
until: result is succeeded
when: ansible_distribution_major_version == '8'

View File

@ -24,7 +24,6 @@
when:
- not containerized_deployment
- ansible_os_family == 'RedHat'
- ansible_distribution_version >= '7.4'
- name: include start_nfs.yml
import_tasks: start_nfs.yml