Allow deployments to run when selinux is disabled

This change will allow the generated playbooks to run when selinux is
disabled. Presently the seboolean module will fail when a systems has
selinux disabled. While selinux could be set permissive to avoid an
error, the disabled setting is a valid configuration and should be
respected.

> seboolean will now only run when selinux is enabled.

Change-Id: Ifd31adcf27902a8a77de9c68482306ec9da6d250
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This commit is contained in:
Kevin Carter 2022-02-07 14:38:29 -06:00
parent 557a392c9a
commit 7e8d88afa5
No known key found for this signature in database
GPG Key ID: 5045BC941175BDF5
21 changed files with 64 additions and 1 deletions

View File

@ -803,6 +803,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
scale_tasks: scale_tasks:
if: if:
- {get_param: BarbicanPkcs11CryptoLunasaEnabled} - {get_param: BarbicanPkcs11CryptoLunasaEnabled}

View File

@ -139,3 +139,6 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"

View File

@ -220,6 +220,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:
- step|int == 1 - step|int == 1

View File

@ -282,6 +282,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
deploy_steps_tasks: deploy_steps_tasks:
- name: Clean up when switching cinder-backup from pcmk to active-active - name: Clean up when switching cinder-backup from pcmk to active-active
when: when:

View File

@ -163,6 +163,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:
- step|int == 1 - step|int == 1

View File

@ -925,6 +925,9 @@ outputs:
name: os_enable_vtpm name: os_enable_vtpm
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
metadata_settings: metadata_settings:
list_concat: list_concat:
- if: - if:

View File

@ -305,6 +305,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
upgrade_tasks: [] upgrade_tasks: []
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:

View File

@ -113,6 +113,9 @@ outputs:
name: logrotate_read_inside_containers name: logrotate_read_inside_containers
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
deploy_steps_tasks: deploy_steps_tasks:
- name: configure tmpwatch on the host - name: configure tmpwatch on the host
when: step|int == 2 when: step|int == 2

View File

@ -128,6 +128,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
upgrade_tasks: [] upgrade_tasks: []
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:

View File

@ -428,6 +428,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- name: set conditions - name: set conditions
set_fact: set_fact:
dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper} dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper}

View File

@ -355,6 +355,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- name: set conditions - name: set conditions
set_fact: set_fact:
keepalived_wrapper_enabled: {get_param: NeutronEnableKeepalivedWrapper} keepalived_wrapper_enabled: {get_param: NeutronEnableKeepalivedWrapper}

View File

@ -211,4 +211,7 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
upgrade_tasks: [] upgrade_tasks: []

View File

@ -418,6 +418,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
update_tasks: update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules # puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't # consistent by default. Since Neutron also creates some rules, we don't

View File

@ -202,6 +202,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- if: - if:
- derive_pci_whitelist_enabled - derive_pci_whitelist_enabled
- - name: "creating directory" - - name: "creating directory"

View File

@ -1525,6 +1525,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- name: install Instance HA recovery script - name: install Instance HA recovery script
when: instance_ha_enabled|bool when: instance_ha_enabled|bool
block: block:

View File

@ -242,6 +242,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
external_upgrade_tasks: external_upgrade_tasks:
- when: step|int == 1 - when: step|int == 1
block: &nova_online_db_migration block: &nova_online_db_migration

View File

@ -230,6 +230,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
external_post_deploy_tasks: {get_attr: [NovaComputeCommon, nova_compute_common_deploy_steps_tasks]} external_post_deploy_tasks: {get_attr: [NovaComputeCommon, nova_compute_common_deploy_steps_tasks]}
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:

View File

@ -963,6 +963,9 @@ outputs:
name: os_enable_vtpm name: os_enable_vtpm
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
metadata_settings: metadata_settings:
list_concat: list_concat:
- if: - if:

View File

@ -323,6 +323,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
external_upgrade_tasks: external_upgrade_tasks:
- when: - when:
- step|int == 1 - step|int == 1

View File

@ -179,6 +179,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]} update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]}
upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]} upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]}
external_upgrade_tasks: external_upgrade_tasks:

View File

@ -420,6 +420,9 @@ outputs:
name: virt_sandbox_use_netlink name: virt_sandbox_use_netlink
persistent: true persistent: true
state: true state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- name: Copy in cleanup script - name: Copy in cleanup script
copy: copy:
content: {get_file: ../neutron/neutron-cleanup} content: {get_file: ../neutron/neutron-cleanup}