- (ceph_tcmalloc_max_total_thread_cache | int) > 0
- osd_objectstore == 'filestore'
- (ceph_origin == 'repository' or ceph_origin == 'distro')
+
+- name: include selinux.yml
+ include_tasks: selinux.yml
+ when:
+ - ansible_facts['os_family'] == 'RedHat'
+ - inventory_hostname in groups.get(nfs_group_name, [])
+ or inventory_hostname in groups.get(rgwloadbalancer_group_name, [])
\ No newline at end of file
--- /dev/null
+---
+- name: if selinux is not disabled
+ when: ansible_facts['selinux']['status'] == 'enabled'
+ block:
+ - name: install policycoreutils-python
+ package:
+ name: policycoreutils-python
+ state: present
+ register: result
+ until: result is succeeded
+ when: ansible_facts['distribution_major_version'] == '7'
+
+ - name: install python3-policycoreutils on RHEL 8
+ package:
+ name: python3-policycoreutils
+ state: present
+ register: result
+ until: result is succeeded
+ when:
+ - inventory_hostname in groups.get(nfs_group_name, [])
+ or inventory_hostname in groups.get(rgwloadbalancer_group_name, [])
+ - ansible_facts['distribution_major_version'] == '8'
+++ /dev/null
----
-- name: check if selinux is enabled
- command: getenforce
- register: selinuxstatus
- changed_when: false
- failed_when: false
- check_mode: no
-
-- name: if selinux is not disable
- when: selinuxstatus.stdout != 'Disabled'
- block:
- - name: install policycoreutils-python
- package:
- name: policycoreutils-python
- state: present
- register: result
- until: result is succeeded
- when: ansible_facts['distribution_major_version'] == '7'
-
- - name: install nfs-ganesha-selinux and python3-policycoreutils on RHEL 8
- package:
- name: ['nfs-ganesha-selinux', 'python3-policycoreutils']
- state: present
- register: result
- until: result is succeeded
- when: ansible_facts['distribution_major_version'] == '8'
-
- - name: add ganesha_t to permissive domain
- selinux_permissive:
- name: ganesha_t
- permissive: true
- failed_when: false
import_tasks: create_rgw_nfs_user.yml
when: groups.get(mon_group_name, []) | length > 0
+- name: install nfs-ganesha-selinux on RHEL 8
+ package:
+ name: nfs-ganesha-selinux
+ state: present
+ register: result
+ until: result is succeeded
+ when:
+ - not containerized_deployment | bool
+ - inventory_hostname in groups.get(nfs_group_name, [])
+ - ansible_facts['os_family'] == 'RedHat'
+ - ansible_facts['distribution_major_version'] == '8'
+
# NOTE (leseb): workaround for issues with ganesha and librgw
-- name: include ganesha_selinux_fix.yml
- import_tasks: ganesha_selinux_fix.yml
+- name: add ganesha_t to permissive domain
+ selinux_permissive:
+ name: ganesha_t
+ permissive: true
+ failed_when: false
when:
- not containerized_deployment | bool
- ansible_facts['os_family'] == 'RedHat'
+ - ansible_facts['selinux']['status'] == 'enabled'
- name: nfs with external ceph cluster task related
when:
- restart keepalived
- name: selinux related tasks
- when: ansible_facts['os_family'] == 'RedHat'
+ when:
+ - ansible_facts['os_family'] == 'RedHat'
+ - ansible_facts['selinux']['status'] == 'enabled'
block:
- name: set_fact rgw_ports
set_fact:
projects / ceph-ansible.git / commitdiff