From: Deepak C Shetty <deepakcs@redhat.com>
Date: Fri, 11 Mar 2016 09:25:25 +0000 (+0000)
Subject: ceph-osd: Set selinux to permissive
X-Git-Tag: v1.0.3~24^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F619%2Fhead;p=ceph-ansible.git

ceph-osd: Set selinux to permissive

Currently we don't yet support runnings OSDs w/ selinux in
enforcing mode. Thus its better to ensure that ceph-ansible
explicitly makes selinux permissive. This should help in
scenarios such as hyperconverged where OSDs are colocated
with VMs on compute nodes which needs selinux enforcing, but
OSDs don't.

Signed-off-by: Deepak C Shetty <deepakcs@redhat.com>
---

diff --git a/roles/ceph-osd/tasks/activate_osds.yml b/roles/ceph-osd/tasks/activate_osds.yml
index 956c0cc5b..b9b7c1f02 100644
--- a/roles/ceph-osd/tasks/activate_osds.yml
+++ b/roles/ceph-osd/tasks/activate_osds.yml
@@ -41,6 +41,16 @@
 - include: osd_fragment.yml
   when: crush_location
 
+- name: set selinux to permissive and make it persistent
+  selinux:
+    policy: targeted
+    state: permissive
+  when:
+    ansible_selinux != false and
+    ansible_selinux['status'] == 'enabled' and
+    ansible_selinux['config_mode'] != 'disabled' and
+    not is_ceph_infernalis
+
 - name: start and add that the osd service(s) to the init sequence (before infernalis)
   service:
     name: ceph