The final task of the role is to set HTTP in SELinux to be permissive; to do this, we have the following variable in roles/stack-config/defaults/main.yml:
selinux: http_permissive: true
The task in roles/stack-config/tasks/main.yml has a condition that runs if selinux.http_permissive equals true:
- name: set the selinux allowing httpd_t to be permissive is required selinux_permissive: name: httpd_t permissive: true when: selinux.http_permissive == true
We will be looking more at SELinux in a later chapter; for now, we are just allowing all HTTP requests.