trinityX icon indicating copy to clipboard operation
trinityX copied to clipboard
verified publisher icon clustervision

SELinux | prepare.sh vs ansible

Open xdkreij opened this issue 2 years ago • 2 comments

prepare.sh selinux config # To disable SElinux on the controller node setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config

Error running ansible-playbook controller.yml TASK [trinity/bind : Selinux fcontext on files] **************************************************************************************************** fatal: [d-vcpu-srv-01]: FAILED! => {"changed": false, "msg": "SELinux is disabled on this host."}

Expected results

  • prepare.sh to re-enable selinux again and reboot host (to re-enable selinux)
  • AND ansible role to verify if SELinux is enabled & enable it first when it is not

xdkreij avatar Dec 15 '23 10:12 xdkreij

Yes, this is due to the fact you can't go from disabled to permissive without a reboot. The software only supports permissive and enforced is being planned. We will discuss internally how to address this.

msteggink avatar Dec 18 '23 16:12 msteggink

Yes, this is due to the fact you can't go from disabled to permissive without a reboot. The software only supports permissive and enforced is being planned. We will discuss internally how to address this.

It's an easy workaround of course; But in theory, SELinux shouldn't have to be disabled in the first place (most ideal solution)

xdkreij avatar Dec 18 '23 20:12 xdkreij