Selinux module fails if selinux is not installed

[alop]

ISSUE TYPE

• Bug Report

COMPONENT NAME

selinux module

ANSIBLE VERSION

ansible 2.2.1.0
  config file = 
  configured module search path = Default w/o overrides

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

If a task wants to set selinux to permissive, but selinux is not installed (RPMS have been erased, /etc/selinux/config doesn't exist) the module fails because it cannot find the config file. This particular case should be OK, as setting it to permissive is effectively disabling it, and it's already disabled.

STEPS TO REPRODUCE

deploy a CentOS/RHEL vm, delete the selinux rpms, rm -rf /etc/selinux
Then attempt to disable to set selinux to permissive

- selinux:
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

EXPECTED RESULTS

Since selinux is not installed, it should be a noop

ACTUAL RESULTS

```
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n",
"module_stdout": "", "msg": "MODULE FAILURE"}
```

[ansibot]

cc @goozbach
click here for bot help

[yabhinav]

+1

faced similar issue when selinux is not installed on centOS6

- name: Ensure Selinux Disabled
  selinux: state=disabled 
  when: ansible_os_family == 'RedHat'
  become: True

TASK [role_under_test : Ensure Selinux Disabled] *******************************
task path: /etc/ansible/roles/role_under_test/tasks/main.yml:36
Using module file /root/.virtualenvs/ansible_2.2.0.0/lib/python2.6/site-packages/ansible/modules/core/system/selinux.py
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355 `" && echo ansible-tmp-1488086499.63-182067330321355="` echo $HOME/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355 `" ) && sleep 0'
<localhost> PUT /tmp/tmppzlwwe TO /root/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355/selinux.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355/ /root/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355/selinux.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355/selinux.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1488086499.63-182067330321355/" > /dev/null 2>&1 && sleep 0'
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_Ik_yPG/ansible_module_selinux.py", line 211, in <module>
    main()
  File "/tmp/ansible_Ik_yPG/ansible_module_selinux.py", line 151, in main
    config_policy         = get_config_policy(configfile)
  File "/tmp/ansible_Ik_yPG/ansible_module_selinux.py", line 78, in get_config_policy
    myfile = open(configfile, "r")
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'
fatal: [localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_name": "selinux"
    }, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_Ik_yPG/ansible_module_selinux.py\", line 211, in <module>\n    main()\n  File \"/tmp/ansible_Ik_yPG/ansible_module_selinux.py\", line 151, in main\n    config_policy         = get_config_policy(configfile)\n  File \"/tmp/ansible_Ik_yPG/ansible_module_selinux.py\", line 78, in get_config_policy\n    myfile = open(configfile, \"r\")\nIOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE"
}

[Akasurde]

resolved_by_pr #24437

[boxrick]

This is still very much a problem if SELINUX is missing Ansible 2.6.4

fatal: [centos6]: FAILED! => {"changed": false, "details": "Please install SELinux-policy package, if this package is not installed previously.", "msg": "Unable to find file /etc/selinux/config"

[Akasurde]

@boxrick Could you please open a new issue with your playbook and environment details ? In that way it will be easy to track your issue rather than posting here. Thanks.