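Using the selinux system role

Use the RHEL system role selinux: install the RHEL system roles package and create a playbook /home/student/ansible/selinux.yml that meets the following conditions:

  • Runs on all nodes, using the selinux role
  • Sets SELinux on the managed nodes to enforcing

Hint: rhel-system-roles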


Answer:

yum -y install rhel-system-roles
cp -a /usr/share/ansible/roles/rhel-system-roles.selinux /home/student/ansible/roles/selinux
cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml /home/student/ansible/
mv example-selinux-playbook.yml selinux.yml
vim selinux.yml

Trim the file down so that only the following remains:

---
- hosts: all
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  tasks:
    - name: execute the role and catch errors
      block:
        - include_role:
            name: selinux
      rescue:
        # Fail if the role failed for any reason other than a required reboot
        - name: handle errors
          fail:
            msg: "role failed"
          when: not selinux_reboot_required
        - name: restart managed host
          shell: sleep 2 && shutdown -r now "Ansible updates triggered"
          async: 1
          poll: 0
          ignore_errors: true
        - name: wait for managed host to come back
          wait_for_connection:
            delay: 10
            timeout: 300
        - name: reapply the role
          include_role:
            name: selinux

Run the playbook:

ansible-playbook selinux.yml

Verify:

ansible all -a 'grep "^SELINUX=" /etc/selinux/config'
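
The grep above reads only the persistent setting in /etc/selinux/config; the running mode can differ, which is the case the playbook's rescue block handles with a reboot. The script below is an added example, not part of the original answer, and compares both. Its function names, result labels and the --demo/--check options are made up for this example.

```shell
#!/bin/sh
# Added example: classify a node by comparing /etc/selinux/config with the
# runtime mode. Target values mirror the playbook vars on this page.
WANT_STATE=enforcing
WANT_POLICY=targeted

# Print the lower-cased value of KEY=... from a config file, skipping
# commented-out lines; if the key repeats, the last one is used here.
selinux_cfg_value() {   # $1 = key, $2 = config file
    sed -n "s/^[[:space:]]*$1=\([A-Za-z0-9_-]*\).*/\1/p" "$2" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print compliant | config-drift | reboot-required | runtime-drift.
selinux_check() {       # $1 = config file, $2 = getenforce output
    cfg_state=$(selinux_cfg_value SELINUX "$1")
    cfg_policy=$(selinux_cfg_value SELINUXTYPE "$1")
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$cfg_state" != "$WANT_STATE" ] || [ "$cfg_policy" != "$WANT_POLICY" ]; then
        echo config-drift        # the file itself is wrong
    elif [ "$runtime" = disabled ]; then
        echo reboot-required     # file is right, kernel still has SELinux off
    elif [ "$runtime" != "$WANT_STATE" ]; then
        echo runtime-drift       # e.g. permissive after a manual setenforce 0
    else
        echo compliant
    fi
}

# Constructed sample: a correct config file checked against each runtime mode.
selinux_demo() {
    sample=$(mktemp)
    printf '%s\n' '# SELINUX=disabled' 'SELINUX=enforcing' \
        'SELINUXTYPE=targeted' > "$sample"
    for mode in Enforcing Permissive Disabled; do
        echo "$mode -> $(selinux_check "$sample" "$mode")"
    done
    rm -f "$sample"
}

case "${1:-}" in
    --demo)  selinux_demo ;;
    --check) result=$(selinux_check /etc/selinux/config "$(getenforce)")
             echo "$(hostname): $result"
             [ "$result" = compliant ] ;;
esac
```

With --check the script reads the real config file and getenforce on the node where it runs, and exits non-zero unless the node is compliant. It can be pushed to every node with the ad hoc script module, for example ansible all -m script -a 'selinux_check.sh --check', where selinux_check.sh is a hypothetical file name.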
