Add a exclude on logserver so we don't have to wait hours for updates on restorecon on selinux policy updates.

2 files changed, 8 insertions, 0 deletions

diff --git a/files/logserver/fixfiles_exclude_dirs b/files/logserver/fixfiles_exclude_dirs
new file mode 100644
index 000000000..81a340f02
--- /dev/null
+++ b/files/logserver/fixfiles_exclude_dirs
@@ -0,0 +1 @@
+/var/log/hosts
diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml
index 67399a63b..b5e5a88a7 100644
--- a/playbooks/groups/logserver.yml
+++ b/playbooks/groups/logserver.yml
@@ -28,6 +28,13 @@
   - include: "{{ tasks }}/2fa_client.yml"
   - include: "{{ tasks }}/motd.yml"
 
+#
+# We exclude some dirs from restorecon on updates on logservers as they are very large
+# and it takes a long long time to run restorecon over them. 
+#
+  - name: exclude some directories from selinux relabeling on updates
+    copy: src="{{ files }}"/logserver/fixfiles_exclude_dirs dest=/etc/selinux/fixfiles_exclude_dirs owner=root mode=0644
+
   handlers:
   - include: "{{ handlers }}/restart_services.yml"
   - include: "{{ handlers }}/semanage.yml"