Ansible, Vagrant and SELinux

Disabling in Vagrantfile

config.vm.provision :shell, :inline => "setenforce 0", run: "always"

is fine except it will be run after after server has started so services like Apache will already have broken

Disabling in the playbook

- name: Install nano, git, etc
        yum: pkg={{ item }} state=installed
    - policycoreutils-python

    - name: Remove SELinux for Apache
    selinux_permissive: name=httpd_t permissive=true

Disabling SELinux manually

vi /etc/selinux/config
change the SELINUX line to SELINUX=disabled