Do you want to disable SELinux on remote hosts using Ansible? We can help you.
Even though SELinux is a security module, users often disable it when it interferes with the working of an application.
At Bobcares, we get requests to manage SELinux using Ansible, as a part of our Server Management Services.
Today, let’s see how our Support Engineers do this without fail.
What is SELinux?
SELinux, or Security-Enhanced Linux, is a Linux kernel security module. It gives administrators control over access control: it governs the access that users and processes have to files and other resources in a Linux system. This adds a layer of permission checks on top of the traditional Linux filesystem permissions.
There are three modes or states for SELinux.
- Enforcing: This mode allows access based on SELinux policy rules.
- Permissive: In this mode, SELinux does not block anything; it just logs the actions that would be denied in enforcing mode.
- Disabled: This mode does not load any SELinux policy.
Now let’s see how we can use Ansible to configure SELinux on a remote host.
Using Ansible to configure mode and policy of SELinux
Ansible is an IT management tool. It allows one to make changes in a machine remotely without actually logging in.
We can use Ansible to configure SELinux modes and policies. A change may require a reboot to take effect; Ansible does not reboot the host, it only notifies us when a reboot is needed.
But to manage SELinux, Ansible needs a package named libselinux-python on the managed host. libselinux-python provides the Python bindings for SELinux.
So while creating a playbook to manage SELinux, always install the libselinux-python package on the remote server first.
Now let’s see how our Support Engineers disable SELinux using Ansible.
How do we disable SELinux using Ansible?
To disable SELinux we need to execute the following tasks. So we edit the associated YAML file that holds the tasks Ansible executes.
Users can either add the tasks in the playbook itself or add them in a separate tasks file and reference that file from the playbook. The playbook also contains the details of the hosts where we want to disable SELinux. The tasks in the YAML file appear as,
- name: Update repositories cache
  apt: update_cache=yes
- name: Install build-essential
  apt: name=build-essential state=present
- name: Install the libselinux-python package
  apt: name=python-selinux state=present
- name: Disable SELinux
  selinux: state=disabled
Here we first update the repository cache. Then we install the build-essential package, as it pulls in the software needed for compiling a package. Then we install the libselinux-python package, which the apt task installs under the name python-selinux. And finally, we disable SELinux.
Later we run this playbook using the command,
ansible-playbook <name_of_the_playbook>
The output of running this Ansible playbook to disable SELinux in one host appears as,
Thus we successfully disabled SELinux in the remote host as mentioned in the Playbook.
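The tasks above placed in a complete playbook, as an added example that is not part of the original article. It also records the SELinux status before the change and prints the reboot_required value returned by the selinux module, so the notification mentioned earlier is visible in the run output. The inventory group selinux_hosts is a hypothetical name; python-selinux is the apt package name used in the tasks above.

```yaml
---
# Added example, not the article's own playbook.
# Assumptions: "selinux_hosts" is a hypothetical inventory group, and the
# hosts are apt-based, as in the tasks shown in the article.
- name: Disable SELinux and report whether a reboot is pending
  hosts: selinux_hosts
  become: true
  tasks:
    - name: Install the SELinux Python bindings the selinux module needs
      apt:
        name: python-selinux
        state: present
        update_cache: true

    # Facts gathered before the bindings were installed cannot describe
    # SELinux, so collect that one fact again.
    - name: Re-read the SELinux facts
      setup:
        filter: ansible_selinux

    - name: Record the SELinux status before the change
      debug:
        msg: "{{ inventory_hostname }} before change: {{ ansible_facts.selinux }}"

    - name: Disable SELinux
      selinux:
        state: disabled
      register: selinux_result

    # The module only edits the configuration; it reports whether the
    # running kernel still needs a reboot to pick up the new state.
    - name: Report whether a reboot is required
      debug:
        msg: "{{ inventory_hostname }}: reboot_required={{ selinux_result.reboot_required }}"
```

Running it with ansible-playbook --check first shows what would change on each host without modifying it.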
Conclusion
Today we saw how our Support Engineers use Ansible to disable SELinux on a remote host. We use a properly configured Ansible playbook to disable SELinux successfully.