Remove chrony package if containerized chrony is enabled

This patch is removing chrony package from docker host when containerized chrony is enabled. It is also fixing issue with chrony container running under Ubuntu docker host as noted below. + exec /usr/sbin/chronyd -d -f /etc/chrony/chrony.conf 2020-06-08T08:19:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG) 2020-06-08T08:19:09Z Fatal error : Could not open configuration file /etc/chrony/chrony.conf : Permission denied Added also removal apparmor profile for ubuntu when containerized chrony is enabled, as chrony's package is not removing apparmor profile, and therefore containerized chrony is not working. Change-Id: Icf3bbae38b9f5630b69d5c8cf6a8bee11786a836 Closes-Bug: #1882513
2020-06-08 11:12:19 +02:00 · 2020-06-08 11:12:19 +02:00 · 3d747b7200
commit 3d747b7200
parent 03b6aaf3a7
3 changed files with 24 additions and 0 deletions
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@ -60,11 +60,13 @@ ubuntu_pkg_removals:
 - lxc
 - libvirt-bin
 - open-iscsi
+ - "{% if enable_chrony | bool %}chrony{% endif %}"

 redhat_pkg_removals:
 - libvirt
 - libvirt-daemon
 - iscsi-initiator-utils
+ - "{% if enable_chrony | bool %}chrony{% endif %}"

 # Path to a virtualenv in which to install python packages. If None, a
 # virtualenv will not be used.
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -146,6 +146,22 @@
    - ansible_distribution == "Ubuntu"
    - apparmor_libvirtd_profile.stat.exists

+- name: Get stat of chronyd apparmor profile
+  stat:
+    path: /etc/apparmor.d/usr.sbin.chronyd
+  register: apparmor_chronyd_profile
+  when:
+    - ansible_os_family == "Debian"
+    - enable_chrony | bool
+
+- name: Remove apparmor profile for chrony
+  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
+  become: True
+  when:
+    - ansible_os_family == "Debian"
+    - enable_chrony | bool
+    - apparmor_chronyd_profile.stat.exists
+
 - name: Create docker group
  group:
    name: docker
--- a/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
+++ b/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Removing chrony package and AppArmor profile from docker host if
+    containerized chrony is enabled.
+    `LP#1882513 <https://bugs.launchpad.net/kolla-ansible/+bug/1882513>`__