| author | Andrew Butcher <abutcher@redhat.com> | 2016-07-17 18:11:59 -0400 | 
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2016-07-18 09:33:47 -0400 | 
| commit | ce976181d94be39c5510252c1faef4e796bc48c3 (patch) | |
| tree | 22f1aefacaaadd43eb437851848b4c439a21b51b /roles/openshift_node | |
| parent | 166db870ed38eaff45a040128c9f4aca252f25d0 (diff) | |
Check for existence of sebooleans prior to setting.
Diffstat (limited to 'roles/openshift_node')
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 30 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/nfs.yml | 16 | 
2 files changed, 38 insertions, 8 deletions
|
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 8fc8497fa..4fd9cd10b 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -3,14 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
   when: not openshift.common.is_atomic | bool
-- name: Set sebooleans to allow gluster storage plugin access from containers
+- name: Check for existence of virt_use_fusefs seboolean
+  command: getsebool virt_use_fusefs
+  register: virt_use_fusefs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers
   seboolean:
-    name: "{{ item }}"
+    name: virt_use_fusefs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_fusefs seboolean
+  command: getsebool virt_sandbox_use_fusefs
+  register: virt_sandbox_use_fusefs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
-  with_items:
-  - virt_use_fusefs
-  - virt_sandbox_use_fusefs
-  register: sebool_result
-  failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers(sandbox)
+  seboolean:
+    name: virt_sandbox_use_fusefs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_fusefs_output.rc == 0
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 8380714d4..e384c1bd7 100644
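Review bot: `failed_when: false` on the `getsebool virt_use_fusefs` and `getsebool virt_sandbox_use_fusefs` checks swallows every failure, not only a missing boolean, and the `.rc == 0` guard then skips the seboolean task without leaving any trace in the play output. A node where getsebool cannot run at all would presumably end up with the gluster plugin denied by SELinux at mount time and nothing pointing at why. I would keep the check non-fatal but report the skip, for example a follow-up `- debug: msg="virt_use_fusefs seboolean not present, skipping"` guarded by `when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc != 0`. A comment above each check should also say that a non-zero rc is being treated as "boolean not defined by this policy". The same applies to the two checks in the nfs.yml hunk.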
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -3,16 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
   when: not openshift.common.is_atomic | bool
+- name: Check for existence of virt_use_nfs seboolean
+  command: getsebool virt_use_nfs
+  register: virt_use_nfs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
 - name: Set seboolean to allow nfs storage plugin access from containers
   seboolean:
     name: virt_use_nfs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_nfs seboolean
+  command: getsebool virt_sandbox_use_nfs
+  register: virt_sandbox_use_nfs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
 - name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
   seboolean:
     name: virt_sandbox_use_nfs
     state: yes
     persistent: yes
-  when: ansible_selinux and ansible_selinux.status == "enabled"
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
|
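Review bot: The check/set pairs for `virt_use_nfs` and `virt_sandbox_use_nfs` differ only in the boolean name and the registered variable, so the SELinux condition is now written four times in this file and can drift between copies. Two looped tasks would keep the existence check and leave a single place to adjust the guard; the glusterfs.yml hunk has the same shape. The sketch below relies on the usual `results` / `item.item` layout of a registered loop, and it is worth confirming on the Ansible version this role targets that skipped items behave as expected when SELinux is disabled.

```yaml
- name: Check for existence of nfs sebooleans
  command: getsebool {{ item }}
  with_items:
  - virt_use_nfs
  - virt_sandbox_use_nfs
  register: nfs_sebool_checks
  when: ansible_selinux and ansible_selinux.status == "enabled"
  failed_when: false
  changed_when: false

- name: Set sebooleans to allow nfs storage plugin access from containers
  seboolean:
    name: "{{ item.item }}"
    state: yes
    persistent: yes
  with_items: "{{ nfs_sebool_checks.results }}"
  when: ansible_selinux and ansible_selinux.status == "enabled" and item.rc == 0
```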
