Don't disable SELinux if it is not installed

Kayobe has a role to disable SELinux. Some systems do not have SELinux installed (this can be reproduced by removing the selinux-policy package and removing /etc/selinux/config). This causes the selinux Ansible module to fail, since it can't write to /etc/selinux/config: Please install SELinux-policy package, if this package is not installed previously. This change fixes the issue by only disabling SELinux if the config file exists. Change-Id: I25c7282c1e8dcdee3e7feddef9d66ca5beeb1bce Story: 2007704 Task: 39820
2020-05-21 12:28:05 +01:00 · 2020-05-21 12:28:05 +01:00 · 09754df82f
parent f2c2114370
commit 09754df82f
2 changed files with 12 additions and 0 deletions
--- a/ansible/roles/disable-selinux/tasks/main.yml
+++ b/ansible/roles/disable-selinux/tasks/main.yml
@ -5,11 +5,17 @@
    state: present
  become: True

+- name: Check if SELinux configuration file exists
+  stat:
+    path: /etc/selinux/config
+  register: stat_result
+
 - name: Ensure SELinux is disabled
  selinux:
    state: disabled
  register: selinux_result
  become: True
+  when: stat_result.stat.exists

 - block:
    - name: Set a fact to determine whether we are running locally
--- a/releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml
+++ b/releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where disabling SELinux would fail on systems without
+    SELinux installed. See `story 2007704
+    <https://storyboard.openstack.org/#!/story/2007704>`__.