tasks/main.yml - private-cloud-ansible-playbooks/apigee-opdk-setup-selinux-disable - Git at Google

 ---
 - name: Refresh setup facts
   setup:

 - name: Indicate whether selinux is disabled
   cache:
     key: 'selinux_disabled'
     value: "{{ ansible_selinux.status == 'disabled' }}"

 - name: Confirm existence of selinux config file
   stat:
     path: /etc/sysconfig/selinux
   register: selinux_state

 - block:
   - name: Permanently disable SELINUX
     selinux:
       state: disabled
     when:  ansible_selinux.status == 'enabled'
     register: selinux_disabled

   - name: Persist SELINUX disabled state
     lineinfile:
       path: /etc/sysconfig/selinux
       line: 'SELINUX=disabled'
       regexp: '^SELINUX=.*'
   become: yes
   when: selinux_state.stat.exists

 - name: Restart node
   debug:
     msg: 'SELinux MUST be disabled, selinux has been updated, please restart node now...'
   when: selinux_disabled.changed
	---
	- name: Refresh setup facts
	setup:

	- name: Indicate whether selinux is disabled
	cache:
	key: 'selinux_disabled'
	value: "{{ ansible_selinux.status == 'disabled' }}"

	- name: Confirm existence of selinux config file
	stat:
	path: /etc/sysconfig/selinux
	register: selinux_state

	- block:
	- name: Permanently disable SELINUX
	selinux:
	state: disabled
	when: ansible_selinux.status == 'enabled'
	register: selinux_disabled

	- name: Persist SELINUX disabled state
	lineinfile:
	path: /etc/sysconfig/selinux
	line: 'SELINUX=disabled'
	regexp: '^SELINUX=.*'
	become: yes
	when: selinux_state.stat.exists

	- name: Restart node
	debug:
	msg: 'SELinux MUST be disabled, selinux has been updated, please restart node now...'
	when: selinux_disabled.changed