Dustin C. Hatch
bc4c7edbad
If the Python bindings for SELinux policy management are not installed
when Ansible gathers host facts, no SELinux-related facts will be set.
Thus, any tasks that are conditional based on these facts will not run.
Typically, such tasks are required for SELinux-enabled hosts, but must
not be performed for non-SELinux hosts. If they are not run when they
should, the deployment may fail or applications may experience issues at
runtime.
To avoid these potential issues, the *base* role now forces Ansible to
gather facts again if it installed the Python SELinux bindings.
Note: one might suggest using `meta: clear_facts` instead of `setup` and
letting Ansible decide if and when to gather facts again. Unfortunately,
this for some reason doesn't work; the `clear_facts` meta task just
causes Ansible to crash with a "shared connection to {host} closed."
35 lines
736 B
YAML
35 lines
736 B
YAML
- name: load distribution-specific values
|
|
include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- '{{ ansible_distribution }}.yml'
|
|
- defaults.yml
|
|
tags:
|
|
- always
|
|
|
|
- name: ensure selinux python bindings are installed
|
|
package:
|
|
name: '{{ selinux_python_libs }}'
|
|
state: present
|
|
notify:
|
|
- gather facts
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure root password is set
|
|
user:
|
|
name: root
|
|
password: '{{ root_password_hash }}'
|
|
when: root_password_hash is defined
|
|
tags:
|
|
- root-user
|
|
- user
|
|
- name: ensure ssh keys are authorized for root login
|
|
ansible.posix.authorized_key:
|
|
user: root
|
|
exclusive: true
|
|
key: '{{ root_authorized_keys }}'
|
|
when: root_authorized_keys is defined
|
|
tags:
|
|
- root-user
|
|
- ssh-key
|