Remove /var/lib/config-data context task

The task should not be needed since we set the context in
openstack-selinux:

https://github.com/redhat-openstack/openstack-selinux/blob/master/local_settings.sh.in#L89
fcontext -N -$1 -t container_file_t \"$LOCALSTATEDIR/lib/config-data(/.*)?\"

This task is very expensive at scale and we should avoid these king of
things.

svirt_sandbox_file_t is an alias to container_file_t, so let's use
container_file_t directly to be consistent and not creating confusion.

This patch shouldn't be backported to Train because in Train we'll have
this task not removed but moved to run only under FFU context.

Change-Id: I973a49aec1a263e2a1ec3e5199803c86d6f77b35
Closes-Bug: #1887721

common/deploy-steps-playbooks-common.yaml

@@ -43,30 +43,6 @@
   tags:
     - always
 
-- hosts: "{{ deploy_target_host }}"
-  strategy: tripleo_linear
-  name: Ensure /var/lib/config-data context
-  become: true
-  gather_facts: false
-  any_errors_fatal: false
-  ignore_unreachable: true
-  tasks:
-    - name: Ensure /var/lib/config-data context
-      shell: |-
-        set -o pipefail
-        if [[ -e /var/lib/config-data ]]; then
-          chcon -R -t svirt_sandbox_file_t /var/lib/config-data
-        exit 2
-        fi
-      args:
-        executable: /bin/bash
-        warn: no
-      register: _selinux_config_data
-      changed_when: _selinux_config_data.rc == 2
-      failed_when: _selinux_config_data.rc not in [0,2]
-  tags:
-    - always
-
 - hosts: "{{ deploy_target_host }}"
   name: Render all_nodes data as group_vars for overcloud
   gather_facts: "{{ gather_facts | default(false) }}"

common/generate-config-tasks.yaml

@@ -8,7 +8,7 @@
         path: "/var/lib/tripleo-config/container-puppet-config"
         mode: 0700
         recurse: true
-        setype: svirt_sandbox_file_t
+        setype: container_file_t
 
     - name: "Generate container puppet configs for step {{ step }}"
       container_puppet_config: