213cbfcdb5
Sometimes it's necessary to configure SELinux before it's enabled on the
system. There's `ignore_selinux_state` which should allow it. Before
this change `seboolean` module failed on SELinux disabled system even
with `ignore_selinux_state: true` and SELinux policy installed while
`semanage boolean` worked as expected:
$ ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on ignore_selinux_state=true" all
192.168.121.153 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"msg": "Failed to get list of boolean names"
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (off , off) Allow ssh to sysadm login
It's caused by `selinux.security_get_boolean_names()` and
`selinux.security_get_boolean_active(name)` which required SELinux
enabled system.
This change adds a fallback to semanage API which works in SELinux
disabled system when SELinux targeted policy is installed:
ANSIBLE_LIBRARY=plugins/modules ansible -i 192.168.121.153, -m seboolean -a "name=ssh_sysadm_login state=on persistent=true ignore_selinux_state=true" all
192.168.121.153 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": true,
"name": "ssh_sysadm_login",
"persistent": true,
"state": true
}
$ ssh root@192.168.121.153 semanage boolean -l | grep ssh_sysadm_login
ssh_sysadm_login (on , on) Allow ssh to sysadm login
Note that without `persistent=true` this module is effectively NO-OP now.
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||
|---|---|---|
| .azure-pipelines | ||
| .github | ||
| changelogs | ||
| docs | ||
| hacking | ||
| meta | ||
| plugins | ||
| tests | ||
| .gitignore | ||
| bindep.txt | ||
| CHANGELOG.rst | ||
| codecov.yml | ||
| COPYING | ||
| galaxy.yml | ||
| PSF-license.txt | ||
| README.md | ||
| requirements.txt | ||
| shippable.yml | ||
| test-requirements.txt | ||
ansible.posix
An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and derivative Operating Systems.
Supported Versions of Ansible
Ansible version compatibility
This collection has been tested against following Ansible versions: >=2.9.
For collections that support Ansible 2.9, please ensure you update your network_os to use the
fully qualified collection name (for example, cisco.ios.ios).
Plugins and modules within a collection may be tested with only specific Ansible versions.
A collection may contain metadata that identifies these versions.
PEP440 is the schema used to describe the versions of Ansible.
Included content
Modules
| Name | Description |
|---|---|
| ansible.posix.acl | Set and retrieve file ACL information. |
| ansible.posix.at | Schedule the execution of a command or script file via the at command |
| ansible.posix.authorized_key | Adds or removes an SSH authorized key |
| ansible.posix.firewalld | Manage arbitrary ports/services with firewalld |
| ansible.posix.firewalld_info | Gather information about firewalld |
| ansible.posix.mount | Control active and configured mount points |
| ansible.posix.patch | Apply patch files using the GNU patch tool |
| ansible.posix.rhel_facts | Facts module to set or override RHEL specific facts. |
| ansible.posix.rhel_rpm_ostree | Ensure packages exist in a RHEL for Edge rpm-ostree based system |
| ansible.posix.rpm_ostree_upgrade | Manage rpm-ostree upgrade transactions |
| ansible.posix.seboolean | Toggles SELinux booleans |
| ansible.posix.selinux | Change policy and state of SELinux |
| ansible.posix.synchronize | A wrapper around rsync to make common tasks in your playbooks quick and easy |
| ansible.posix.sysctl | Manage entries in sysctl.conf. |
Installing this collection
You can install the ansible.posix collection with the Ansible Galaxy CLI:
ansible-galaxy collection install ansible.posix
You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
---
collections:
- name: ansible.posix
Using this collection
See Ansible Using collections for more details.
NOTE: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated.
Contributing to this collection
We welcome community contributions to this collection. See Contributing to Ansible-maintained collections for complete details.
Code of Conduct
This collection follows the Ansible project's Code of Conduct. Please read and familiarize yourself with this document.
Release notes
See changelog for more details.
External requirements
None
Tested with Ansible
- ansible-core 2.14 (devel)
- ansible-core 2.13 (stable)
- ansible-core 2.12 (stable)
- ansible-core 2.11 (stable)
- ansible-base 2.10 (stable)
- ansible 2.9 (stable)
Roadmap
More information
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Community code of conduct
Licensing
GNU General Public License v3.0 or later.
See COPYING to see the full text.