| --- |
| - name: Refresh setup facts |
| setup: |
| |
| #- name: Report selinux status |
| # debug: |
| # var: ansible_selinux.status |
| |
| - name: Indicate whether selinux is disabled |
| cache: |
| key: 'selinux_disabled' |
| value: "{{ ansible_selinux.status == 'disabled' }}" |
| |
| - name: Permanently disable SELINUX |
| selinux: state=disabled |
| when: ansible_selinux.status == 'enabled' |
| register: selinux_disabled |
| |
| - name: Restart node |
| debug: |
| msg: 'SELinux MUST be disabled, selinux has been updated, please restart node now...' |
| when: selinux_disabled.changed |
