efd03ccda7
This reverts commit 5085d45d7b.
Installing packages in the background doesn't seem so stable since
sometimes we observe problems like the following one:
==> centos7: TASK [lxc_hosts : Ensure SELinux distro packages have finished installing] *****
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (30 retries left).
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (29 retries left).
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (28 retries left).
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (27 retries left).
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (26 retries left).
==> centos7: FAILED - RETRYING: Ensure SELinux distro packages have finished installing (25 retries left).
...
==> centos7: fatal: [localhost]: FAILED! => {"ansible_job_id": "350629830198.20986", "attempts": 30, "changed": false, "finished": 0, "started": 1}
==> centos7: to retry, use: --limit @/vagrant/tests/test.retry
As such, lets revert the change and install them in the normal way.
Change-Id: I6e6a890f2fa98e9874597b69e4caf2dfd78182f4
65 lines
2.1 KiB
YAML
65 lines
2.1 KiB
YAML
---
|
|
# Copyright 2017, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Create directory for compiling SELinux policy
|
|
file:
|
|
path: "/tmp/lxc-attach-selinux/"
|
|
state: 'directory'
|
|
mode: '0755'
|
|
|
|
- name: Deploy SELinux type enforcement file
|
|
copy:
|
|
src: "lxc-attach.te"
|
|
dest: "/tmp/lxc-attach-selinux/lxc-attach.te"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
|
|
- name: Compile and load SELinux module
|
|
shell: 'make -f /usr/share/selinux/devel/Makefile && semodule -i /tmp/lxc-attach-selinux/lxc-attach.pp'
|
|
args:
|
|
creates: '/etc/selinux/targeted/active/modules/400/lxc-attach/cil'
|
|
chdir: "/tmp/lxc-attach-selinux/"
|
|
register: compile_selinux_async
|
|
async: 90
|
|
poll: 0
|
|
|
|
- name: Check if /openstack/log exists
|
|
stat:
|
|
path: /openstack/log
|
|
register: openstack_log_dir
|
|
|
|
- name: Check for SELinux equivalence for /openstack/log
|
|
shell: "semanage fcontext -l /openstack/log | grep ^/openstack/log || true"
|
|
register: fcontext_check
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
- name: Create SELinux fcontext equivalence for OpenStack container logs
|
|
command: semanage fcontext --add --equal /var/log /openstack/log
|
|
failed_when: selinux_equivalence.rc not in [0,1]
|
|
changed_when: selinux_equivalence.rc == 0
|
|
register: selinux_equivalence
|
|
when:
|
|
- openstack_log_dir.stat.exists
|
|
- '"/openstack/log" not in fcontext_check.stdout'
|
|
|
|
- name: Apply updated SELinux contexts on /openstack/log
|
|
command: restorecon -R /openstack/log
|
|
when:
|
|
- openstack_log_dir.stat.exists
|
|
- '"/openstack/log" not in fcontext_check.stdout'
|
|
- selinux_equivalence | changed
|