-
Story
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-9.0.0
-
rhel-sst-container-tools
-
3
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
Hello there,
Description of problem:
Depending on the system update state, it may happen SELinux related packages don't install properly. While we can see the issue in the shell, nothing shows the failure when we run some automation tool like Ansible to install a bunch of packages. Even "rpm" nor "dnf" exit with a correct exit status, making it hard to detect
This recently lead to an issue within TripleO CI[1], and may also hit OSP and other products in the future. Usually, this kind of issue is hard to debug, because it explodes at some other steps, and we have to track the issue using SELinux "cil" files and so on. We're usually losing multiple days in the search, and we may end with a wrong culprit before actually hitting true.
Adding support for `rpm --verify' would allow Operators to actually test the package installation afterward, and know if the install is successful or not. In automated environment, they can add a step that will show precisely the issue if the package isn't properly deployed, making things far easier to debug.
For instance, this was recently added to the openstack-selinux[2] package, and we're now able to validate its state before going forward in the deployment steps of OSP[3]. This is a huge improvement, especially when libselinux version is bumped and we're still using an older image...
I'm more than OK to help on that feature addition, but I'll need to know where to push the content (probably a script, and the related edition in the RPM spec file). Apparently, it's not in the github.com/containers/container-selinux repository, and I didn't find mention of the right location - probably first on Fedora (pagure?), then CentOS (), then RHEL () ?
Thank you for your attention - and, of course, feel free to point the right location so that I can help you adding the content!
Cheers,
C.
[1] https://bugs.launchpad.net/tripleo/+bug/1982744
[2] https://github.com/redhat-openstack/openstack-selinux/pull/93 and https://review.rdoproject.org/r/c/openstack/openstack-selinux-distgit/+/43578
[3] https://github.com/openstack/tripleo-ansible/blob/master/tripleo_ansible/roles/tripleo_bootstrap/tasks/packages.yml#L63-L68
- external trackers
