From f0294fb5b6df517ffa9b8c3edcd6664343c616da Mon Sep 17 00:00:00 2001
From: Victor Morales <chipahuac@hotmail.com>
Date: Sat, 2 Jan 2021 11:55:12 -0800
Subject: [PATCH] Fix remove libvirt apparmor disabled profile

The bootstrap process tries to removes existing apparmor profiles but
doesn't consider the case where those are disabled. This change fixes
the scenario where the libvirt profile exists but is disabled.

Closes-Bug: 1909874
Change-Id: Ied0f2acc420bd5cf1e092c8aee358cba35bd8d5d
(cherry picked from commit 891ec51dd417af894f7dde0dfa68b2333f497dcf)
---
 ansible/roles/baremetal/tasks/post-install.yml             | 7 +++++++
 ...libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml | 6 ++++++
 2 files changed, 13 insertions(+)
 create mode 100644 releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml

diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index a454bbd6a0..48813dd788 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -185,6 +185,12 @@
   register: apparmor_libvirtd_profile
   when: ansible_facts.distribution == "Ubuntu"
 
+- name: Get stat of libvirtd apparmor disable profile
+  stat:
+    path: /etc/apparmor.d/disable/usr.sbin.libvirtd
+  register: apparmor_libvirtd_disable_profile
+  when: ansible_facts.distribution == "Ubuntu"
+
 - name: Remove apparmor profile for libvirt
   shell: |
     apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
@@ -195,6 +201,7 @@
   when:
     - ansible_facts.distribution == "Ubuntu"
     - apparmor_libvirtd_profile.stat.exists
+    - not apparmor_libvirtd_disable_profile.stat.exists
 
 - name: Get stat of chronyd apparmor profile
   stat:
diff --git a/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml b/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml
new file mode 100644
index 0000000000..0f2f517886
--- /dev/null
+++ b/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where the Libvirt AppArmor profile is disable and the
+    bootstrap-servers process tries to remove it. See `bug 1909874
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1909874>`__ for details.