Jean-Philippe Evrard

I would be okay to make this completely optional, but I am also curious about your opinion on whether this can be completely removed from the role (and maybe moved...

Side note, to not run this part of the role, you only need to define this in your variables: `keepalived_selinux_compile_rules: []`

@tsabirgaliev , well, interestingly enough, other contributors are in need of this coordination for HA. As integration between roles is done in collections (which allow the sharing of playbooks), it...

For me, the way to override the variable doesn't matter much, what matters is that we define what's the good way forward: Should this part of the code be removed,...

Thanks @major ! Not really sure what `new SELinux policy booleans` means though. At least we tried to use both our memories :) I assume this means that I will...

So you meant that some keepalived selinux booleans could exist now, and an investigation has to be made to leverage them. I think I got it :) Thanks @major !

Wow thanks for that link. I think it helps me take a decision. From what I can see in that policy, the second part of the current opt-out list of...

It matches what I have seen on my side.

Hello, It is a bit hard to know without seeing your group vars ;) You can see more details about the implementation in https://github.com/evrardjp/ansible-keepalived/blob/0c9625bcc90104c72581af07bcb2e654fef14215/templates/keepalived.conf.j2#L117-L124 It looks like the `if` block...

That should work indeed. I am not sure you need to define unicast_src_ip in your case (it depends on your nics). This could simplify a bit. For the unicast_peer, there...