| --- | |
| - name: Refresh setup facts | |
| setup: | |
| - name: Report selinux status | |
| debug: | |
| var: ansible_selinux.status | |
| - name: Indicate whether selinux is disabled | |
| cache: | |
| key: 'selinux_disabled' | |
| value: "{{ ansible_selinux.status == 'disabled' | bool }}" | |
| - name: Permanently disable SELINUX | |
| selinux: state=disabled | |
| when: selinux_disabled == False | bool | |
| - name: Restart node | |
| debug: | |
| msg: 'SELinux MUST be disabled, selinux has been updated, please restart node now...' | |
| when: selinux_disabled == False | bool |