Merge "Remove disable-selinux from default DIB elements"

ansible/inventory/group_vars/all/bifrost

@@ -28,11 +28,8 @@ kolla_bifrost_dib_os_element: "{{ os_distribution }}"
 # DIB image OS release. Default is {{ os_release }}.
 kolla_bifrost_dib_os_release: "{{ os_release }}"
 
-# List of default DIB elements. Default is ["disable-selinux",
-# "enable-serial-console", "vm"] when os_distribution is "centos" or "rocky",
-# ["enable-serial-console", "vm"] otherwise.
+# List of default DIB elements. Default is ["enable-serial-console", "vm"].
 kolla_bifrost_dib_elements_default:
-  - "{% if os_distribution in ['centos', 'rocky'] %}disable-selinux{% endif %}"
   - "enable-serial-console"
   - "vm"
 

ansible/inventory/group_vars/all/overcloud-dib

@@ -32,17 +32,11 @@ overcloud_dib_os_element: "{{ 'rocky-container' if os_distribution == 'rocky' el
 # DIB image OS release. Default is {{ os_release }}.
 overcloud_dib_os_release: "{{ os_release }}"
 
-# List of default DIB elements. Default is ["centos", "cloud-init-datasources",
-# "disable-selinux", "enable-serial-console", "vm"] when
-# overcloud_dib_os_element is "centos", or ["rocky-container",
-# "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"]
-# when overcloud_dib_os_element is "rocky" or
-# ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]
-# when overcloud_dib_os_element is "ubuntu".
+# List of default DIB elements. Default is ["{{ overcloud_dib_os_element }}",
+# "cloud-init-datasources", "enable-serial-console", "vm"].
 overcloud_dib_elements_default:
   - "{{ overcloud_dib_os_element }}"
   - "cloud-init-datasources"
-  - "{% if overcloud_dib_os_element in ['centos', 'rocky'] %}disable-selinux{% endif %}"
   - "enable-serial-console"
   - "vm"
 

doc/source/configuration/reference/bifrost.rst

@@ -64,11 +64,9 @@ the default method of building images with
     *Added in the Train release. Use kolla_bifrost_dib_elements in earlier
     releases.*
 
-    List of default DIB elements. Default is ``["disable-selinux",
-    "enable-serial-console", "vm"]`` when ``os_distribution`` is ``centos`` or
-    ``rocky``, ``["enable-serial-console", "vm"]`` otherwise. The ``vm`` element
-    is poorly named, and causes DIB to build a whole disk image rather than a
-    single partition.
+    List of default DIB elements. Default is ``["enable-serial-console",
+    "vm"]``. The ``vm`` element is poorly named, and causes DIB to build a
+    whole disk image rather than a single partition.
 ``kolla_bifrost_dib_elements_extra``
     *Added in the Train release. Use kolla_bifrost_dib_elements in earlier
     releases.*

doc/source/configuration/reference/overcloud-dib.rst

@@ -55,15 +55,10 @@ the configuration drive built by Bifrost during provisioning.
 ``overcloud_dib_os_release``
     DIB image OS release. Default is ``{{ os_release }}``.
 ``overcloud_dib_elements_default``
-    List of default DIB elements. Default is ``["centos",
-    "cloud-init-datasources", "disable-selinux", "enable-serial-console",
-    "vm"]`` when ``overcloud_dib_os_element`` is ``centos``, or
-    ``["rocky-container", "cloud-init-datasources", "disable-selinux",
-    "enable-serial-console", "vm"]`` when overcloud_dib_os_element is ``rocky``
-    or ``["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]``
-    when ``overcloud_dib_os_element`` is ``ubuntu``. The ``vm`` element is
-    poorly named, and causes DIB to build a whole disk image rather than a
-    single partition.
+    List of default DIB elements. Default is ``["{{ overcloud_dib_os_element
+    }}", "cloud-init-datasources", "enable-serial-console", "vm"]``. The ``vm``
+    element is poorly named, and causes DIB to build a whole disk image rather
+    than a single partition.
 ``overcloud_dib_elements_extra``
     List of additional DIB elements. Default is none.
 ``overcloud_dib_elements``

etc/kayobe/bifrost.yml

@@ -28,9 +28,7 @@
 # DIB image OS release. Default is {{ os_release }}.
 #kolla_bifrost_dib_os_release:
 
-# List of default DIB elements. Default is ["disable-selinux",
-# "enable-serial-console", "vm"] when os_distribution is "centos", or
-# ["enable-serial-console", "vm"] otherwise.
+# List of default DIB elements. Default is ["enable-serial-console", "vm"].
 #kolla_bifrost_dib_elements_default:
 
 # List of additional DIB elements. Default is none.

etc/kayobe/overcloud-dib.yml

@@ -28,13 +28,8 @@
 # DIB image OS release. Default is {{ os_release }}.
 #overcloud_dib_os_release:
 
-# List of default DIB elements. Default is ["centos", "cloud-init-datasources",
-# "disable-selinux", "enable-serial-console", "vm"] when
-# overcloud_dib_os_element is "centos", or ["rocky-container",
-# "cloud-init-datasources", "disable-selinux", "enable-serial-console", "vm"]
-# when overcloud_dib_os_element is "rocky" or
-# ["ubuntu", "cloud-init-datasources", "enable-serial-console", "vm"]
-# when overcloud_dib_os_element is "ubuntu".
+# List of default DIB elements. Default is ["{{ overcloud_dib_os_element }}",
+# "cloud-init-datasources", "enable-serial-console", "vm"].
 #overcloud_dib_elements_default:
 
 # List of additional DIB elements. Default is none.

releasenotes/notes/dib-remove-disable-selinux-11c4fb8823c005fa.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    Removes the ``disable-selinux`` element from the default lists of DIB
+    elements. This makes host images more compatible with the default SELinux
+    configuration applied by Kayobe, which is ``permissive`` since the Zed
+    release.