Fix remove libvirt apparmor disabled profile

The bootstrap process tries to removes existing apparmor profiles but
doesn't consider the case where those are disabled. This change fixes
the scenario where the libvirt profile exists but is disabled.

Closes-Bug: 1909874
Change-Id: Ied0f2acc420bd5cf1e092c8aee358cba35bd8d5d
(cherry picked from commit 891ec51dd4)

ansible/roles/baremetal/tasks/post-install.yml

@@ -185,6 +185,12 @@
   register: apparmor_libvirtd_profile
   when: ansible_facts.distribution == "Ubuntu"
 
+- name: Get stat of libvirtd apparmor disable profile
+  stat:
+    path: /etc/apparmor.d/disable/usr.sbin.libvirtd
+  register: apparmor_libvirtd_disable_profile
+  when: ansible_facts.distribution == "Ubuntu"
+
 - name: Remove apparmor profile for libvirt
   shell: |
     apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
@@ -195,6 +201,7 @@
   when:
     - ansible_facts.distribution == "Ubuntu"
     - apparmor_libvirtd_profile.stat.exists
+    - not apparmor_libvirtd_disable_profile.stat.exists
 
 - name: Get stat of chronyd apparmor profile
   stat:

releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where the Libvirt AppArmor profile is disable and the
+    bootstrap-servers process tries to remove it. See `bug 1909874
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1909874>`__ for details.