mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
4c52fdb9d9
Using `local: true` users can enforce to work only with local policy modifications. i.e. # Without `local`, no new modification is added when port already exists $ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp' localhost localhost | SUCCESS => { "changed": false, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "present" } $ sudo semanage port -l -C # With `local`, a port is always added/changed in local modification list $ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp local=true' localhost localhost | CHANGED => { "changed": true, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "present" } $ sudo semanage port -l -C SELinux Port Type Proto Port Number ssh_port_t tcp 22 # With `local`, seport removes the port only from local modifications $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost localhost | CHANGED => { "changed": true, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "absent" } $ sudo semanage port -l -C # Even though the port is still defined in system policy, the module # result is success as there's no port local modification $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost localhost | SUCCESS => { "changed": false, "ports": [ "22" ], "proto": "tcp", "setype": "ssh_port_t", "state": "absent" } # But it fails without `local` as it tries to remove port defined in # system policy $ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp' localhost An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Port tcp/22 is defined in policy, cannot be deleted localhost | FAILED! => { "changed": false, "msg": "ValueError: Port tcp/22 is defined in policy, cannot be deleted\n" } Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Signed-off-by: Petr Lautrbach <plautrba@redhat.com> |
||
---|---|---|
.. | ||
.keep | ||
4520-xfconf-deprecate-disable-facts.yml | ||
4654-alternatives-add-subcommands.yml | ||
4674-use-mh-raise.yaml | ||
4682-compatibility-virtualmedia-resource-location.yaml | ||
4700-code-changes.yml | ||
4712-consul-bugfix.yaml | ||
4719-fix-keycloak-realm.yaml | ||
4724-proxmox-qemu-extend.yaml | ||
4726-zfs.yml | ||
4733-redis-fail.yml | ||
4736-cmd-runner-skip-if-check.yml | ||
4740-puppet-feature.yaml | ||
4746-add-vpn-support-nmcli.yaml | ||
4752-ansible-galaxy-install-mh-updates.yml | ||
4755-mhexception-improvement.yml | ||
4776-xfconf-cmd-runner.yaml | ||
4777-cmd-runner-deprecate-fmt.yaml | ||
4778-gconftool2-deprecate-state-get.yaml | ||
4780-passwordstore-wrapper-compat.yml | ||
4791-cmd-runner-callable.yaml | ||
4794-sudoers-validation.yml | ||
4809-redhat_subscription-unsubscribe.yaml | ||
4810-alternatives-bug.yml | ||
4812-expose-unredirected-headers.yml | ||
4813-fix-nmcli-convert-list.yaml | ||
4814-sudoers-file-permissions.yml | ||
4816-proxmox-fix-extended-status.yaml | ||
4836-alternatives.yml | ||
4839-fix-VirtualMediaInsert-Supermicro.yml | ||
4849-add-password-prompt-support-for-machinectl.yml | ||
4852-sudoers-state-absent.yml | ||
4886-fix-lxd-inventory-hostname.yml | ||
4899-add-GetManagerInventory-for-redfish_info.yml | ||
4901-fix-redfish-chassispower.yml | ||
4903-cmdrunner-bugfix.yaml | ||
4910-fix-for-agent-enabled.yml | ||
4911-dsv-honor-tld-option.yml | ||
4916-opentelemetry-ini-options.yaml | ||
4933-fix-rax-clb-nodes.yaml | ||
4945-fix-get_vm-int-parse-handling.yaml | ||
4953-listen-ports-facts-extend-output.yaml | ||
4955-fix-path-detection-for-gopass.yaml | ||
4956-pacman-install-reason.yaml | ||
4959-pacman-fix-url-packages-name.yaml | ||
4964-fix-keyring-info.yml | ||
4973-introduce-dig-lookup-argument.yaml | ||
4975-xfconf-use-do-raise.yaml | ||
4976-apk-add-support-for-a-custom-world-file.yaml | ||
4996-consul-session-ttl.yml | ||
4999-xfconf-bool.yml | ||
5019-slack-support-more-groups.yml | ||
5022-lastpass-lookup-cleanup.yml | ||
5023-http-agent-param-keycloak.yml | ||
5027-fix-returnall-for-gopass.yaml | ||
5035-mh-base-verbosity.yaml | ||
5037-xfconf-add-cmd-output.yaml | ||
5059-wdc_redfish_command-indicator-leds.yml | ||
5085-pipx-use-cmd-runner.yaml | ||
5100-pipx-req-if.yaml | ||
5105-pipx-state-latest.yaml | ||
5107-proxmox-agent-argument.yaml | ||
5108-proxmox-node-name-condition.yml | ||
5111-fixes.yml | ||
5112-fix-nsupdate-ns-entry.yaml | ||
5124-compatibility-virtualmedia-resource-location.yaml | ||
5129-dig-boolean-params-fix.yml | ||
5151-add-delinea-support-tss-lookup.yml | ||
5194-fix-proxmox-agent-exception.yaml | ||
5203-seport-add-local-argument.yaml | ||
licenses-2.yml | ||
licenses.yml | ||
psf-license.yml | ||
simplified-bsd-license.yml |