Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Check for existence of sebooleans prior to setting.

Andrew Butcher 8 years ago
parent
166db870ed
commit
ce976181d9
2 changed files with 38 additions and 8 deletions
Split View Show Diff Stats
  1. 23 7
      roles/openshift_node/tasks/storage_plugins/glusterfs.yml
  2. 15 1
      roles/openshift_node/tasks/storage_plugins/nfs.yml

+ 23 - 7
roles/openshift_node/tasks/storage_plugins/glusterfs.yml
View File 

@@ -3,14 +3,30 @@
 
   action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
 
   when: not openshift.common.is_atomic | bool
 
 
-- name: Set sebooleans to allow gluster storage plugin access from containers
 
+- name: Check for existence of virt_use_fusefs seboolean
 
+  command: getsebool virt_use_fusefs
 
+  register: virt_use_fusefs_output
 
+  when: ansible_selinux and ansible_selinux.status == "enabled"
 
+  failed_when: false
 
+  changed_when: false
 
+
 
+- name: Set seboolean to allow gluster storage plugin access from containers
 
   seboolean:
 
-    name: "{{ item }}"
 
+    name: virt_use_fusefs
 
     state: yes
 
     persistent: yes
 
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc == 0
 
+
 
+- name: Check for existence of virt_sandbox_use_fusefs seboolean
 
+  command: getsebool virt_sandbox_use_fusefs
 
+  register: virt_sandbox_use_fusefs_output
 
   when: ansible_selinux and ansible_selinux.status == "enabled"
 
-  with_items:
 
-  - virt_use_fusefs
 
-  - virt_sandbox_use_fusefs
 
-  register: sebool_result
 
-  failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg"
 
+  failed_when: false
 
+  changed_when: false
 
+
 
+- name: Set seboolean to allow gluster storage plugin access from containers(sandbox)
 
+  seboolean:
 
+    name: virt_sandbox_use_fusefs
 
+    state: yes
 
+    persistent: yes
 
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_fusefs_output.rc == 0

+ 15 - 1
roles/openshift_node/tasks/storage_plugins/nfs.yml
View File 

@@ -3,16 +3,30 @@
 
   action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
 
   when: not openshift.common.is_atomic | bool
 
 
+- name: Check for existence of virt_use_nfs seboolean
 
+  command: getsebool virt_use_nfs
 
+  register: virt_use_nfs_output
 
+  when: ansible_selinux and ansible_selinux.status == "enabled"
 
+  failed_when: false
 
+  changed_when: false
 
+
 
 - name: Set seboolean to allow nfs storage plugin access from containers
 
   seboolean:
 
     name: virt_use_nfs
 
     state: yes
 
     persistent: yes
 
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
 
+
 
+- name: Check for existence of virt_sandbox_use_nfs seboolean
 
+  command: getsebool virt_sandbox_use_nfs
 
+  register: virt_sandbox_use_nfs_output
 
   when: ansible_selinux and ansible_selinux.status == "enabled"
 
+  failed_when: false
 
+  changed_when: false
 
 
 - name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
 
   seboolean:
 
     name: virt_sandbox_use_nfs
 
     state: yes
 
     persistent: yes
 
-  when: ansible_selinux and ansible_selinux.status == "enabled"
 
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0