From 2af3d27b72583a49d51c628e0c36b5d64dcc10f1 Mon Sep 17 00:00:00 2001 From: Prajith Kesava Prasad Date: Sun, 12 Apr 2020 19:48:24 +0530 Subject: [PATCH 1/3] This change is a workaround for an upstream issue with template module ansible/ansible#56243 (comment) This change is a workround for the error invalid selinux context issue resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1821907 Signed-off-by: Prajith Kesava Prasad --- playbooks/ganesha-conf-create.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/ganesha-conf-create.yml b/playbooks/ganesha-conf-create.yml index 7a800d61..5080593e 100644 --- a/playbooks/ganesha-conf-create.yml +++ b/playbooks/ganesha-conf-create.yml @@ -10,6 +10,9 @@ - name: Copy ganesha.conf to config directory on shared volume shell: cp -rf /etc/ganesha/* "{{ ha_base_dir }}" + - name: ensure file already exists at template dest to work around 'invalid selinux context' issue + file: path="{{ ha_base_dir }}/ganesha-ha.conf" state=touch + - name: Creating ganesha-ha.conf file template: src=ganesha-ha.conf dest="{{ ha_base_dir }}" From c42b83812aa5e8e679e65daebb6e93086083a843 Mon Sep 17 00:00:00 2001 From: Prajith Kesava Prasad Date: Sun, 12 Apr 2020 19:57:56 +0530 Subject: [PATCH 2/3] SElinux from RHEL8 does not overwrite existing labels with "fcontext a" , it throws "ValueError: File context for {{mount path}} already defined" So a pretask which deletes the label which corresponds to the existing mount points is added resolves:https://bugzilla.redhat.com/show_bug.cgi?id=1820728 Signed-off-by: Prajith Kesava Prasad --- playbooks/set-selinux-labels.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/playbooks/set-selinux-labels.yml b/playbooks/set-selinux-labels.yml index c2cbc4f8..ab760039 100644 --- a/playbooks/set-selinux-labels.yml +++ b/playbooks/set-selinux-labels.yml 
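Review bot: The new `file` task in PATCH 1/3 creates `{{ ha_base_dir }}/ganesha-ha.conf` with `state=touch` and no `mode`, `owner` or `group`, so on a first run the HA config on the shared volume gets whatever the umask allows. As far as the hunk shows, the following `template` task does not set them either. `state=touch` also rewrites the timestamps and reports `changed` on every run; `file: path="{{ ha_base_dir }}/ganesha-ha.conf" state=touch mode=<intended mode> modification_time=preserve access_time=preserve` keeps the workaround idempotent, assuming the supported Ansible release has the `*_time` options. A comment above the task such as `# Workaround for ansible/ansible#56243; remove once the template module is fixed upstream` would tell maintainers when it can go. The play this task belongs to starts outside the hunk.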
@@ -4,6 +4,12 @@ gather_facts: no tasks: + - name: Deleting existing SELinux label if any + shell: semanage fcontext -d {{ item.path }} + with_items: "{{ mntpath }}" + when: mntpath is defined + ignore_errors: yes + - name: Set SELinux labels on the bricks shell: semanage fcontext -a -t glusterd_brick_t {{ item.path }} with_items: "{{ mntpath }}" @@ -12,5 +18,4 @@ - name: Restore the SELinux context shell: restorecon -Rv {{ item.path }} with_items: "{{ mntpath }}" - when: mntpath is defined - + when: mntpath is defined \ No newline at end of file From 8e2258bed6a32b75ab10cbfd1a25f518109ba9e7 Mon Sep 17 00:00:00 2001 From: Prajith Kesava Prasad Date: Sun, 12 Apr 2020 19:57:56 +0530 Subject: [PATCH 3/3] SElinux from RHEL8 does not overwrite existing labels with "fcontext a" , it throws "ValueError: File context for {{mount path}} already defined" So a pretask which deletes the label which corresponds to the existing mount points is added resolves:https://bugzilla.redhat.com/show_bug.cgi?id=1820728 Signed-off-by: Prajith Kesava Prasad --- playbooks/set-selinux-labels.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/playbooks/set-selinux-labels.yml b/playbooks/set-selinux-labels.yml index c2cbc4f8..9d7b0fb0 100644 --- a/playbooks/set-selinux-labels.yml +++ b/playbooks/set-selinux-labels.yml @@ -4,6 +4,12 @@ gather_facts: no tasks: + - name: Deleting existing SELinux label if any + shell: semanage fcontext -d {{ item.path }} + with_items: "{{ mntpath }}" + when: mntpath is defined + ignore_errors: yes + - name: Set SELinux labels on the bricks shell: semanage fcontext -a -t glusterd_brick_t {{ item.path }} with_items: "{{ mntpath }}" @@ -13,4 +19,3 @@ shell: restorecon -Rv {{ item.path }} with_items: "{{ mntpath }}" when: mntpath is defined -
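Review bot: `ignore_errors: yes` on the new "Deleting existing SELinux label if any" task hides every failure of `semanage fcontext -d`, not only the expected case where no label is defined, so a missing binary or a permission problem passes silently and the play carries on to the `-a` and `restorecon` tasks. The task also interpolates `{{ item.path }}` unquoted into `shell`, where whitespace or shell metacharacters in a path change the command that runs; `command` with the `quote` filter avoids that. Registering the result and failing only when the error is something other than the undefined-context message narrows the exception, though the exact stderr text should be confirmed on the target RHEL release. The identical hunk is repeated in PATCH 3/3 against the same base blob `c2cbc4f8`, so the same point applies there; the play header is outside the hunk.

```yaml
    - name: Deleting existing SELinux label if any
      command: semanage fcontext -d {{ item.path | quote }}
      # … unchanged: with_items / when …
      register: fcontext_delete
      changed_when: fcontext_delete.rc == 0
      failed_when: >-
        fcontext_delete.rc != 0 and
        'is not defined' not in fcontext_delete.stderr
```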