Skip to content
This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

target uses selinux but python bindings (libselinux-python) aren't installed!"} #1444

Closed
ghost opened this issue Sep 6, 2018 · 5 comments
Closed

target uses selinux but python bindings (libselinux-python) aren't installed!"} #1444

ghost opened this issue Sep 6, 2018 · 5 comments
Labels
status/information-needed For items missing required information

Comments

@ghost
Copy link

ghost commented Sep 6, 2018

Fedora 28 host / digital ocean droplet running

deploy/streisand-new-cloud-server.sh --provider digitalocean --site-config global_vars/noninteractive/digitalocean-site.yml

I have updated my ssh and tokens in digitalocean-site.yml

PLAY [Collect diagnostics in case of error] ***********************************************************************************************************************************************************************************************************************************************************************************

TASK [diagnostics : Determine the git revision of the current Streisand clone] ************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [diagnostics : Determine if there are untracked changes in the Streisand clone] ******************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [diagnostics : Produce the diagnostics markdown file to share if there is an error] **************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "checksum": "8917d7d8f3fbbc09a01ae814eec3575cd2efa990", "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}
to retry, use: --limit @/home/dingo/streisand/playbooks/digitalocean.retry

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************************************************************
188.166.106.18 : ok=6 changed=1 unreachable=0 failed=0
localhost : ok=12 changed=1 unreachable=0 failed=1
@nopdotcom
Copy link
Member

It's working for me on macOS. If you haven't, could you try util/venv-dependencies.sh ./venv to get a fresh virtualenv?

@nopdotcom nopdotcom added the status/information-needed For items missing required information label Sep 8, 2018
@cpu
Copy link
Collaborator

cpu commented Oct 20, 2018

I'm going to close this issue since the request to try the venv hasn't produced any actionable information.

I'd guess this is an issue specific to deploying from Fedora. If someone with a Fedora machine is able to reproduce & produce a PR that will address the SELinux problem I would try to find cycles to review it.

Thanks!

@cpu cpu closed this as completed Oct 20, 2018
@aenertia
Copy link

aenertia commented Feb 28, 2019
edited

I am still getting this error on rawhide and a fresh checkout of streisand as of today.

python2 and python3 libsebindings are installed on the host and i've tried refreshing the venv. Attached log

streisand-log-fedora-rawhide-1-03-2019.txt

@aenertia
Copy link

I think I have found the root cause. Newer versions of fedora use the package python2-libselinux and the requirements in the selinux.py bindings only check for the old unversioned python-libselinux package:

Binary file ./venv/lib/python2.7/site-packages/ansible/modules/system/sefcontext.pyc matches
Binary file ./venv/lib/python2.7/site-packages/ansible/modules/system/seboolean.pyc matches
./venv/lib/python2.7/site-packages/ansible/modules/system/seport.py:- libselinux-python
./venv/lib/python2.7/site-packages/ansible/modules/system/seport.py: module.fail_json(msg="This module requires libselinux-python")
./venv/lib/python2.7/site-packages/ansible/modules/system/selinux.py:requirements: [ libselinux-python ]
./venv/lib/python2.7/site-packages/ansible/modules/system/selinux.py: module.fail_json(msg='libselinux-python required for this module')
./venv/lib/python2.7/site-packages/ansible/modules/system/sefcontext.py:- libselinux-python
./venv/lib/python2.7/site-packages/ansible/modules/system/sefcontext.py: module.fail_json(msg="This module requires libselinux-python")
./venv/lib/python2.7/site-packages/ansible/modules/system/seboolean.py:- libselinux-python
./venv/lib/python2.7/site-packages/ansible/modules/system/seboolean.py: module.fail_json(msg="This module requires libselinux-python support")
Binary file ./venv/lib/python2.7/site-packages/ansible/modules/commands/raw.pyc matches
./venv/lib/python2.7/site-packages/ansible/modules/commands/raw.py: raw: dnf install -y python2 python2-dnf libselinux-python
Binary file ./venv/lib/python2.7/site-packages/ansible/module_utils/basic.pyc matches
./venv/lib/python2.7/site-packages/ansible/module_utils/basic.py: self.fail_json(msg="Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!")
Binary file ./venv/lib64/python2.7/site-packages/ansible/modules/system/seport.pyc matches
Binary file ./venv/lib64/python2.7/site-packages/ansible/modules/system/selinux.pyc matches
Binary file ./venv/lib64/python2.7/site-packages/ansible/modules/system/sefcontext.pyc matches
Binary file ./venv/lib64/python2.7/site-packages/ansible/modules/system/seboolean.pyc matches
./venv/lib64/python2.7/site-packages/ansible/modules/system/seport.py:- libselinux-python
./venv/lib64/python2.7/site-packages/ansible/modules/system/seport.py: module.fail_json(msg="This module requires libselinux-python")
./venv/lib64/python2.7/site-packages/ansible/modules/system/selinux.py:requirements: [ libselinux-python ]
./venv/lib64/python2.7/site-packages/ansible/modules/system/selinux.py: module.fail_json(msg='libselinux-python required for this module')
./venv/lib64/python2.7/site-packages/ansible/modules/system/sefcontext.py:- libselinux-python
./venv/lib64/python2.7/site-packages/ansible/modules/system/sefcontext.py: module.fail_json(msg="This module requires libselinux-python")
./venv/lib64/python2.7/site-packages/ansible/modules/system/seboolean.py:- libselinux-python
./venv/lib64/python2.7/site-packages/ansible/modules/system/seboolean.py: module.fail_json(msg="This module requires libselinux-python support")
Binary file ./venv/lib64/python2.7/site-packages/ansible/modules/commands/raw.pyc matches
./venv/lib64/python2.7/site-packages/ansible/modules/commands/raw.py: raw: dnf install -y python2 python2-dnf libselinux-python
Binary file ./venv/lib64/python2.7/site-packages/ansible/module_utils/basic.pyc matches
./venv/lib64/python2.7/site-packages/ansible/module_utils/basic.py: self.fail_json(msg="Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!")
(venv) [maui@maui streisand]$ vim ./venv/lib/python2.7/site-packages/ansible/modules/system/selinux.py^C
(venv) [maui@maui streisand]$ dnf search libselinux
RPM Fusion for Fedora 30 - Free tainted 47 kB/s | 71 kB 00:01
Failed to synchronize cache for repo 'rpmfusion-free-tainted'
RPM Fusion for Fedora 30 - Nonfree tainted 47 kB/s | 71 kB 00:01
Failed to synchronize cache for repo 'rpmfusion-nonfree-tainted'
Ignoring repositories: rpmfusion-free-tainted, rpmfusion-nonfree-tainted
Last metadata expiration check: 0:25:26 ago on Fri 01 Mar 2019 09:32:56 NZDT.
============================================================================================ Name Exactly Matched: libselinux =============================================================================================
libselinux.x86_64 : SELinux library and simple utilities
libselinux.i686 : SELinux library and simple utilities
libselinux.x86_64 : SELinux library and simple utilities
=========================================================================================== Summary & Name Matched: libselinux ============================================================================================
libselinux-utils.x86_64 : SELinux libselinux utilies
libselinux-utils.x86_64 : SELinux libselinux utilies
libselinux-ruby.x86_64 : SELinux ruby bindings for libselinux
python2-libselinux.x86_64 : SELinux python bindings for libselinux
python2-libselinux.x86_64 : SELinux python bindings for libselinux
python3-libselinux.x86_64 : SELinux python 3 bindings for libselinux
python3-libselinux.x86_64 : SELinux python 3 bindings for libselinux
================================================================================================ Name Matched: libselinux =================================================================================================
libselinux-devel.x86_64 : Header files and libraries used to build SELinux
libselinux-devel.i686 : Header files and libraries used to build SELinux
libselinux-devel.x86_64 : Header files and libraries used to build SELinux
libselinux-static.x86_64 : Static libraries used to build SELinux
libselinux-static.i686 : Static libraries used to build SELinux
libselinux-static.x86_64 : Static libraries used to build SELinux

@aenertia
Copy link

Hrm this needs a 'use system packages' approach I think to solving given that the libselinux bindings are installed variously on different platforms and don't get added to the venv

related bug : ansible/ansible#34340

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
status/information-needed For items missing required information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aenertia @cpu @nopdotcom