From 4f98f08ffa53425ab474e53c22c572d14c91a47d Mon Sep 17 00:00:00 2001
From: pengdake <19921207pq@gmail.com>
Date: Wed, 31 Jan 2018 21:41:41 +0800
Subject: [PATCH] Update task about selinux set.

1. Fix the invalid value of the selinux policy.
2. Update the description of the selinux task. Permissive mode
requires selinux to be enabled, so the parameter name "disable_selinux"
is misleading. In order to customize selinux modes, we need a new
parameter named "selinux_state".

Closes-Bug: #1749046
Change-Id: I20c084cf2e46cc0de149afbd34c6dcb77a1051f4
---
 ansible/roles/baremetal/defaults/main.yml                 | 4 +++-
 ansible/roles/baremetal/tasks/post-install.yml            | 8 ++++----
 .../notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml     | 6 ++++++
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml

diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 62584c8b2..aff8ccfe5 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -12,7 +12,9 @@ create_kolla_user: True
 
 enable_host_ntp: True
 
-disable_selinux: True
+change_selinux: True
+
+selinux_state: "permissive"
 
 docker_storage_driver: ""
 
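Review bot: Renaming `disable_selinux` to `change_selinux` drops the old variable without a fallback, so a deployment that set `disable_selinux: False` to keep its hosts enforcing would have that override ignored and, with the new defaults, be switched to permissive. Unless the old name is handled somewhere outside this hunk, the default could honour it for a deprecation period, e.g. `change_selinux: "{{ disable_selinux | default(True) }}"`. A comment above `selinux_state` listing the values the selinux module accepts (`enforcing`, `permissive`, `disabled`), and noting that only `enforcing` actually blocks policy violations, would help operators choose the value deliberately.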
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 63b8a3a8f..2a19455d5 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -115,13 +115,13 @@
     - ansible_os_family == "RedHat"
     - enable_host_ntp | bool
 
-- name: Disable selinux
+- name: Change state of selinux
   selinux:
-    policy: target
-    state: permissive
+    policy: targeted
+    state: "{{ selinux_state }}"
   become: true
   when:
-    - disable_selinux | bool
+    - change_selinux | bool
     - ansible_os_family == "RedHat"
 
 - name: Reboot
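Review bot: With `state` now taken from `selinux_state`, this task can move a host to or from `disabled`, a transition that only takes effect after a reboot, yet the task does not record its result. Adding `register: selinux_result` would let the reboot logic consult `selinux_result.reboot_required` (where the module version in use returns it), so a host is not left with the new state in its config while still running the old one. The Reboot task begins on the last line of this hunk and its conditions are not visible, so this may already be handled there.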
diff --git a/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
new file mode 100644
index 000000000..6a4ec5a43
--- /dev/null
+++ b/releasenotes/notes/add-state-for-selinux-3ab41a8d1c3b099e.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Add a new parameter for changing selinux state. The default value is
+    "permissive". Update a parameter named "disable_selinux", use
+    "change_selinux" instead of it.
-- 
GitLab