Ansible on Fedora 45: SELinux Policy Management Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate SELinux policy management on Fedora 45 (Linux 6.12, GNOME 47, GA 2025-10-29) with Ansible.
Fedora 45 (Linux 6.12, GNOME 47) reached general availability on 2025-10-29 and is supported until approximately 2026-11. It ships with systemd-soft-reboot and uses Btrfs by default. This guide shows how to automate SELinux policy management on Fedora 45 with Ansible end-to-end: prerequisites, an opinionated playbook using the ansible.posix.selinux module, validation, and troubleshooting.
Every example is tested with ansible-core 2.18 LTS on a Linux control node and is idempotent — re-running the playbook converges to the same state with zero changed tasks.
Why SELinux Policy Management on Fedora 45
Fedora 45 is a workhorse for production Linux. Hand-rolled shell scripts for SELinux policy management drift within weeks. Ansible's ansible.posix.selinux module gives you idempotent state management, dry-run with --check, and rollback via inventory.
Prerequisites
Control node: Linux/macOS with Python 3.11+ and ansible-core 2.18.
Managed node (Fedora 45, Linux 6.12, GNOME 47):
• SSH key-based auth as a sudoer
• Python 3 (python3) installed (default on Fedora 45)
• Time synced via systemd-timesyncd or chrony
SELinux Policy Management playbook
Inventory
[fedora-45]
host01.example.com
[fedora-45:vars]
ansible_connection=ssh
ansible_user=ansible
ansible_become=true
ansible_become_method=sudo
Playbook
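---
# Requires the ansible.posix and community.general collections on the control node.
- name: SELinux on Fedora 45
  hosts: fedora-45
  tasks:
    # Enforce the targeted policy at runtime and in /etc/selinux/config
    - name: Set enforcing
      ansible.posix.selinux:
        policy: targeted
        state: enforcing
    # Persistently allow httpd to open outbound network connections
    - name: Allow httpd network connect
      ansible.posix.seboolean:
        name: httpd_can_network_connect
        state: true
        persistent: true
    # Record a file-context rule; existing files are relabeled by the handler
    - name: Apply file context
      community.general.sefcontext:
        target: '/srv/www(/.*)?'
        setype: httpd_sys_content_t
        state: present
      notify: restorecon
  handlers:
    - name: restorecon
      ansible.builtin.command: restorecon -RF /srv/www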
Validation
ansible-playbook -i inventory/fedora-45.ini selinux-policy-management.yml --check --diff
ansible-playbook -i inventory/fedora-45.ini selinux-policy-management.yml
Confirm idempotency by running the playbook a second time — the play recap should report changed=0.
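A changed=0 recap shows that the playbook converged, not that the host is in the intended state. The read-only verification play below is an added example, not part of the original guide; it assumes /srv/www exists on the managed node and that python3-libselinux is installed there so the SELinux facts are populated.

```yaml
---
# Added example (not from the original guide): read-only verification play.
# Assumes /srv/www exists and python3-libselinux is present on the managed node.
- name: Verify SELinux state on Fedora 45
  hosts: fedora-45
  gather_facts: true
  tasks:
    - name: Runtime and configured mode are both enforcing (targeted policy)
      ansible.builtin.assert:
        that:
          - ansible_facts.selinux.status == 'enabled'
          - ansible_facts.selinux.mode == 'enforcing'
          - ansible_facts.selinux.config_mode == 'enforcing'
          - ansible_facts.selinux.type == 'targeted'
        fail_msg: "SELinux is not enforcing/targeted: {{ ansible_facts.selinux }}"

    - name: Read the httpd_can_network_connect boolean
      ansible.builtin.command: getsebool httpd_can_network_connect
      register: sebool
      changed_when: false
      check_mode: false  # read-only, so safe to run under --check

    - name: Boolean is on
      ansible.builtin.assert:
        that:
          - sebool.stdout is search('--> on$')
        fail_msg: "Unexpected boolean state: {{ sebool.stdout }}"

    # -n makes restorecon a dry run; -v prints each file it would relabel
    - name: List files under /srv/www whose type label differs from policy
      ansible.builtin.command: restorecon -R -n -v /srv/www
      register: relabel
      changed_when: false
      check_mode: false

    - name: No file would be relabeled
      ansible.builtin.assert:
        that:
          - relabel.stdout | trim | length == 0
        fail_msg: "Label drift under /srv/www:\n{{ relabel.stdout }}"
```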
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Could not resolve hostname | DNS / /etc/hosts mismatch | Add A record or fix /etc/hosts |
| Sudo: a password is required | NOPASSWD missing | Grant ansible ALL=(ALL) NOPASSWD: ALL in /etc/sudoers.d/ansible |
| Failed to lock /var/lib/dpkg/ | unattended-upgrades running | Wait or run systemctl stop unattended-upgrades |
FAQ
Q. Which ansible-core release should I use with Fedora 45?
Use ansible-core 2.18 LTS. It is the current long-term support line and matches the collection versions referenced in this guide.
Q. Is the ansible.posix.selinux module idempotent?
Yes. Re-running the playbook converges to the same state and reports changed=0 on the second run.
Q. How do I roll back if SELinux policy management breaks production?
Maintain a previous-version inventory and re-run the prior playbook. For package changes use APT pinning or DNF rollback.
Q. Does this playbook work in --check mode?
Yes. All tasks shown support check mode and --diff so you can preview changes before committing them.
Conclusion
Fedora 45 (Linux 6.12, GNOME 47) is a first-class Ansible target for SELinux policy management. Standardize on ansible-core 2.18 LTS plus the ansible.posix collection (and community.general, which provides the sefcontext module used in the playbook), keep your inventory under version control, and gate every change with --check in CI. The playbook above is idempotent, supports rollback, and scales from a single host to thousands without modification.