RHEL-85564: RHEL selinux role tries to apply the selinux-ish policies.



      What were you trying to do that didn't work?

      The customer is trying to use the role, and it fails while trying to enable the Booleans even though SELinux is disabled.

      What is the impact of this issue to you?

      The customer is not able to use the rhel-system-roles.

      Please provide the package NVR for which the bug is seen:

      rhel-system-roles-1.23.0-4.el8_10.noarch

      How reproducible is this bug?:

      I am able to reproduce the issue by running the role with a playbook that enables a boolean on a host where SELinux is set to `disabled`.

      Steps to reproduce

      1. Create a playbook as the Playbook example.
      2. Run it against a host with SELinux disabled.

      Expected results

      The task should be ignored.

      Actual results

      It fails in the `Set SELinux booleans` task while getting the list of boolean names; since SELinux is disabled, this task should be ignored.

      TASK [rhel-system-roles.selinux : Set SELinux booleans] *********************************************************************
      failed: [localhost] (item={'name': 'samba_enable_home_dirs', 'state': True}) => {"__selinux_item": {"name": "samba_enable_home_dirs", "state": true}, "ansible_loop_var": "__selinux_item", "changed": false, "msg": "Failed to get list of boolean names"}
      failed: [localhost] (item={'name': 'ssh_sysadm_login', 'state': True, 'persistent': True}) => {"__selinux_item": {"name": "ssh_sysadm_login", "persistent": true, "state": true}, "ansible_loop_var": "__selinux_item", "changed": false, "msg": "Failed to get list of boolean names"}
      
      TASK [Fail if failed for a different reason than selinux_reboot_required] ***************************************************
      fatal: [localhost]: FAILED! => {"changed": false, "msg": "role failed"}
      
      PLAY RECAP ******************************************************************************************************************
      localhost                  : ok=12   changed=1    unreachable=0    failed=1    skipped=10   rescued=1    ignored=0 

      Playbook

      ---
      - name: Manage SELinux policy example
        hosts: all
        vars:
          selinux_policy: targeted
          selinux_state: disabled
          selinux_booleans:
            # session only
            - name: samba_enable_home_dirs
              state: true
            - name: ssh_sysadm_login
              state: true
              persistent: true
          selinux_fcontexts:
            - target: '/tmp/test_dir(/.*)?'
              setype: user_home_dir_t
              ftype: d
              state: present
          selinux_restore_dirs:
            - /tmp/test_dir
          selinux_ports:
            - ports: 22100
              proto: tcp
              setype: ssh_port_t
              state: present
        tasks:
          - name: Creates directory
            file:
              path: /tmp/test_dir
              state: directory
              mode: "0755"
          - name: Execute the role and reboot in a rescue block
            block:
              - name: Include selinux role
                include_role:
                  name: rhel-system-roles.selinux
            rescue:
              - name: >-
                  Fail if failed for a different reason than selinux_reboot_required
                fail:
                  msg: "role failed"
                when: not selinux_reboot_required
              - name: Restart managed host
                reboot:
              - name: Reapply the role
                include_role:
                  name: rhel-system-roles.selinux
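As an added example (not from this bug report or the rhel-system-roles project), a caller-side guard for the failure described above: it reads the gathered `ansible_facts.selinux.status` fact and hands the role the boolean list only when SELinux is actually enabled on the host, so the `Set SELinux booleans` task has nothing to do on a disabled host. The variable name `wanted_booleans` is an assumption; the other variables are the ones from the customer's playbook.

```yaml
---
# Added example: skip boolean management on hosts where SELinux is disabled.
# Relies on default fact gathering, which populates ansible_facts.selinux.
- name: Apply the selinux role without touching booleans on SELinux-disabled hosts
  hosts: all
  vars:
    # hypothetical name for the booleans we would like to set when possible
    wanted_booleans:
      - name: samba_enable_home_dirs
        state: true
      - name: ssh_sysadm_login
        state: true
        persistent: true
  tasks:
    - name: Show the SELinux status the guard will act on
      debug:
        msg: "SELinux status on {{ inventory_hostname }}: {{ ansible_facts.selinux.status }}"

    - name: Include selinux role, passing booleans only when SELinux is enabled
      include_role:
        name: rhel-system-roles.selinux
      vars:
        selinux_policy: targeted
        selinux_state: disabled
        # status is 'enabled' or 'disabled' (or a "Missing selinux Python library"
        # message when the bindings are absent); anything but 'enabled' gets an
        # empty list, so the role's boolean task is skipped instead of failing.
        selinux_booleans: "{{ wanted_booleans if ansible_facts.selinux.status == 'enabled' else [] }}"
```

The role's fcontext, restorecon and port settings from the original playbook can be passed the same way; only the boolean list needs the guard, since it is the task that fails when the boolean names cannot be listed.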

              People: Richard Megginson (rmeggins@redhat.com), Rudnei Bertol Junior (rhn-support-rbertolj), David Jez