Setting SELinux to permissive by default, and defining a variable (here enforce) on the hosts that need enforcing
vi /etc/ansible/selinux.yml
- hosts: hosts
  tasks:
    - name: enforcing selinux depending on enforce var
      selinux:
        policy: targeted
        state: enforcing
      # "and", not "or": an undefined or false enforce must not select enforcing
      when: enforce is defined and enforce
    - name: permissive selinux depending on enforce var
      selinux:
        policy: targeted
        state: permissive
      when: enforce is undefined or not enforce
also
mkdir /etc/ansible/host_vars/
vi /etc/ansible/host_vars/nginx1
enforce: 1
apply and check on target systems
ansible-playbook selinux.yml
#sestatus
ansible hosts -m shell -a "grep ^SELINUX /etc/sysconfig/selinux"
ansible hosts -m shell -a getenforce
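Added example, not part of the original page: a follow-up playbook that turns the two manual checks above into assertions, so a host whose running or boot-time mode differs from what its enforce variable asks for fails the run. The file name verify-selinux.yml and the names runtime_mode, config_line and wanted_mode are assumptions made for this example.

```yaml
# verify-selinux.yml (hypothetical file name), run after selinux.yml
- hosts: hosts
  tasks:
    - name: read the running selinux mode
      command: getenforce
      register: runtime_mode
      changed_when: false          # read-only check, never report a change

    - name: read the boot-time selinux mode
      shell: grep '^SELINUX=' /etc/sysconfig/selinux
      register: config_line
      changed_when: false

    - name: work out the mode the enforce var asks for
      set_fact:
        # same logic as the two "when" conditions in selinux.yml
        wanted_mode: "{{ 'enforcing' if (enforce is defined and enforce) else 'permissive' }}"

    - name: running and boot-time mode both match the enforce var
      assert:
        that:
          - runtime_mode.stdout | lower == wanted_mode
          - config_line.stdout == 'SELINUX=' + wanted_mode
        msg: "wanted {{ wanted_mode }}, running {{ runtime_mode.stdout }}, config {{ config_line.stdout }}"
```

A host that had SELinux disabled keeps answering Disabled to getenforce until it is rebooted, so the first assertion fails there until then.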
Disabling FirewallD on RHEL7 systems and ip{6}tables on RHEL6 systems – assuming real firewalls behind the systems
vi /etc/ansible/firewalls.yml
- hosts: hosts
  tasks:
    - name: firewalld disabled
      service: name=firewalld state=stopped enabled=no
      when:
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version == "7"
    - name: iptables disabled
      service: name=iptables state=stopped enabled=no
      when:
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version == "6"
    - name: ip6tables disabled
      service: name=ip6tables state=stopped enabled=no
      when:
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version == "6"
apply and check on the target systems
ansible-playbook -C firewalls.yml
ansible-playbook firewalls.yml
ansible rhel6 -m shell -a "chkconfig --list | grep tables"
ansible rhel7 -m shell -a "systemctl list-unit-files | grep tables"
ansible rhel7 -m shell -a "systemctl list-unit-files | grep fire"
http://docs.ansible.com/ansible/selinux_module.html
http://docs.ansible.com/ansible/selinux_permissive_module.html
https://github.com/ansible/ansible-examples/blob/master/lamp_simple/roles/common/tasks/main.yml