From 891ec51dd417af894f7dde0dfa68b2333f497dcf Mon Sep 17 00:00:00 2001 From: Victor Morales Date: Sat, 2 Jan 2021 11:55:12 -0800 Subject: [PATCH] Fix remove libvirt apparmor disabled profile The bootstrap process tries to removes existing apparmor profiles but doesn't consider the case where those are disabled. This change fixes the scenario where the libvirt profile exists but is disabled. Closes-Bug: 1909874 Change-Id: Ied0f2acc420bd5cf1e092c8aee358cba35bd8d5d --- ansible/roles/baremetal/tasks/post-install.yml | 7 +++++++ ...libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml | 6 ++++++ 2 files changed, 13 insertions(+) create mode 100644 releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index 5fdc471b0e..0f1b468974 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -152,12 +152,19 @@ register: apparmor_libvirtd_profile when: ansible_distribution == "Ubuntu" +- name: Get stat of libvirtd apparmor disable profile + stat: + path: /etc/apparmor.d/disable/usr.sbin.libvirtd + register: apparmor_libvirtd_disable_profile + when: ansible_distribution == "Ubuntu" + - name: Remove apparmor profile for libvirt command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd become: True when: - ansible_distribution == "Ubuntu" - apparmor_libvirtd_profile.stat.exists + - not apparmor_libvirtd_disable_profile.stat.exists - name: Get stat of chronyd apparmor profile stat: diff --git a/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml b/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml new file mode 100644 index 0000000000..0f2f517886 --- /dev/null +++ b/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue where the Libvirt AppArmor profile is disable and the + bootstrap-servers process tries to remove it. See `bug 1909874 + `__ for details.