SELinux configuration

The final task of the role is to set HTTP in SELinux to be permissive; to do this, we have the following variable in  roles/stack-config/defaults/main.yml:

selinux:
  http_permissive: true

The task in roles/stack-config/tasks/main.yml has a condition that runs if selinux.http_permissive equals true:

- name: set the selinux allowing httpd_t to be permissive is required
  selinux_permissive:
    name: httpd_t
    permissive: true
  when: selinux.http_permissive == true

We will be looking more at SELinux in a later chapter; for now, we are just allowing all HTTP requests.