openstack/kayobe
Code Issues Proposed changes

Don't disable SELinux if it is not installed

Browse Source 
Kayobe has a role to disable SELinux. Some systems do not have SELinux
installed (this can be reproduced by removing the selinux-policy package
and removing /etc/selinux/config). This causes the selinux
Ansible module to fail, since it can't write to /etc/selinux/config:

    Please install SELinux-policy package, if this package is not
    installed previously.

This change fixes the issue by only disabling SELinux if the config file
exists.

Change-Id: I25c7282c1e8dcdee3e7feddef9d66ca5beeb1bce
Story: 2007704
Task: 39820
This commit is contained in:
Mark Goddard
2020-05-21 12:28:05 +01:00
parent f2c2114370
commit 09754df82f
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/roles/disable-selinux/tasks/main.yml
View File

@@ -5,11 +5,17 @@
state: present state: present
become: True become: True
- name: Check if SELinux configuration file exists
stat:
path: /etc/selinux/config
register: stat_result
- name: Ensure SELinux is disabled - name: Ensure SELinux is disabled
selinux: selinux:
state: disabled state: disabled
register: selinux_result register: selinux_result
become: True become: True
when: stat_result.stat.exists
- block: - block:
- name: Set a fact to determine whether we are running locally - name: Set a fact to determine whether we are running locally

6
releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
fixes:
- |
Fixes an issue where disabling SELinux would fail on systems without
SELinux installed. See `story 2007704
<https://storyboard.openstack.org/#!/story/2007704>`__.