-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
inital role with config options for policy, state and booleans
- Loading branch information
Showing
3 changed files
with
94 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,65 @@ | ||
| # ansible-selinux-role | ||
| Advanced Base role to configure selinux through variables. | ||
| ansible-selinux-role | ||
| ========= | ||
|
|
||
| Allows you to configure SELinux. | ||
|
|
||
| Config options: | ||
| * policy | ||
| * state | ||
| * booleans | ||
|
|
||
| Requirements | ||
| ------------ | ||
|
|
||
| Tested on RHEL 7 and CentOS 7 only. | ||
|
|
||
| Ansible 2.0 or above | ||
|
|
||
| Role Variables | ||
| -------------- | ||
|
|
||
| The following variables are used to configure SELinux policy and state: | ||
|
|
||
| ``` | ||
| selinux_config: (optional, default: /etc/selinux/config) | ||
| selinux_policy: (optional, default: targeted) | ||
| selinux_state: (optional, only values: enforcing|permissive|disabled, default: enforcing) | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| The following variables are used to toggle SELinux booleans: | ||
|
|
||
| ``` | ||
| selinux_boolean: | ||
| name_of_selinux_boolean: | ||
| state: (optional, only values: yes|no default: yes) | ||
| persistent: (optional, only values: yes|no, default: yes) | ||
| ``` | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
|
|
||
| ``` | ||
| - hosts: server | ||
| become: yes | ||
| become_user: root | ||
| become_method: su | ||
| roles: | ||
| - { role: ansible-selinux-role } | ||
| vars: | ||
| selinux_policy: "targeted" | ||
| selinux_state: "enforcing" | ||
| selinux_boolean: | ||
| antivirus_can_scan_system: | ||
| state: yes | ||
| persistent: yes | ||
| httpd_can_sendmail: | ||
| state: yes | ||
| persistent: yes | ||
| ``` | ||
|
|
||
| License | ||
| ------- | ||
|
|
||
| MIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| --- | ||
| galaxy_info: | ||
| author: FlatKey | ||
| description: Advanced Base role to configure SELinux through variables. You can configure the SELinux policy, state and booleans. | ||
| license: MIT | ||
| min_ansible_version: 2.0 | ||
| platforms: | ||
| - name: EL | ||
| versions: | ||
| - 7 | ||
| galaxy_tags: | ||
| - selinux | ||
| - system | ||
| - security | ||
| - centos | ||
| - centos7 | ||
| - rhel | ||
| - rhel7 | ||
| dependencies: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| --- | ||
| - name: ensure libselinux-python is installed | ||
| yum: name=libselinux-python state=present | ||
|
|
||
| - name: configure selinux policy and state | ||
| selinux: conf={{selinux_config|default('/etc/selinux/config')}} policy={{selinux_policy|default('targeted')}} state={{selinux_state|default('enforcing')}} | ||
|
|
||
| - name: toggle selinux booleans | ||
| seboolean: name={{item.key}} state={{item.value.state|default('yes')}} persistent={{item.value.persistent|default('yes')}} | ||
| with_dict: "{{selinux_boolean|default({})}}" |