From ce976181d94be39c5510252c1faef4e796bc48c3 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Sun, 17 Jul 2016 18:11:59 -0400
Subject: Check for existence of sebooleans prior to setting.

---
 .../tasks/storage_plugins/glusterfs.yml            | 30 +++++++++++++++++-----
 roles/openshift_node/tasks/storage_plugins/nfs.yml | 16 +++++++++++-
 2 files changed, 38 insertions(+), 8 deletions(-)

(limited to 'roles/openshift_node/tasks')

diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
index 8fc8497fa..4fd9cd10b 100644
--- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml
@@ -3,14 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present"
   when: not openshift.common.is_atomic | bool
 
-- name: Set sebooleans to allow gluster storage plugin access from containers
+- name: Check for existence of virt_use_fusefs seboolean
+  command: getsebool virt_use_fusefs
+  register: virt_use_fusefs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers
   seboolean:
-    name: "{{ item }}"
+    name: virt_use_fusefs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_fusefs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_fusefs seboolean
+  command: getsebool virt_sandbox_use_fusefs
+  register: virt_sandbox_use_fusefs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
-  with_items:
-  - virt_use_fusefs
-  - virt_sandbox_use_fusefs
-  register: sebool_result
-  failed_when: "'state' not in sebool_result and 'msg' in sebool_result and 'SELinux boolean {{ item }} does not exist' not in sebool_result.msg"
+  failed_when: false
+  changed_when: false
+
+- name: Set seboolean to allow gluster storage plugin access from containers(sandbox)
+  seboolean:
+    name: virt_sandbox_use_fusefs
+    state: yes
+    persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_fusefs_output.rc == 0
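Review bot: `failed_when: false` on the `getsebool virt_use_fusefs` and `getsebool virt_sandbox_use_fusefs` probes hides every failure, not only the case where the loaded policy does not define the boolean. A missing `getsebool` binary or a policy query error also gives a non-zero `rc`, so the following seboolean task is skipped and the play reports success while containers may still be denied access to gluster volumes. Consider tolerating only the "boolean not defined" case by matching the stderr text getsebool prints for an unknown boolean (confirm the exact wording on the target hosts). At minimum, document the behaviour on each probe, e.g. `# non-zero rc is treated as "boolean not present in this policy"; the set task below is then skipped`. The same pattern is used for the `virt_use_nfs` and `virt_sandbox_use_nfs` probes in nfs.yml.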
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 8380714d4..e384c1bd7 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -3,16 +3,30 @@
   action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
   when: not openshift.common.is_atomic | bool
 
+- name: Check for existence of virt_use_nfs seboolean
+  command: getsebool virt_use_nfs
+  register: virt_use_nfs_output
+  when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
+
 - name: Set seboolean to allow nfs storage plugin access from containers
   seboolean:
     name: virt_use_nfs
     state: yes
     persistent: yes
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
+
+- name: Check for existence of virt_sandbox_use_nfs seboolean
+  command: getsebool virt_sandbox_use_nfs
+  register: virt_sandbox_use_nfs_output
   when: ansible_selinux and ansible_selinux.status == "enabled"
+  failed_when: false
+  changed_when: false
 
 - name: Set seboolean to allow nfs storage plugin access from containers(sandbox)
   seboolean:
     name: virt_sandbox_use_nfs
     state: yes
     persistent: yes
-  when: ansible_selinux and ansible_selinux.status == "enabled"
+  when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
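Review bot: The two seboolean tasks in this file carry no comment saying that `virt_use_nfs` and `virt_sandbox_use_nfs` are SELinux policy relaxations applied with `persistent: yes`, so the setting outlives the play and survives a reboot. Now that each set task depends on `virt_use_nfs_output.rc == 0` or `virt_sandbox_use_nfs_output.rc == 0`, a reader also cannot tell from the task alone why it may be skipped on some hosts. A short comment above each probe/set pair would cover both points, for example `# Allows container access to NFS-backed volumes; applies host-wide and is persistent. Skipped when the boolean is not defined in the loaded policy.`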
-- 
cgit v1.2.3