summaryrefslogtreecommitdiffstats
path: root/roles/openshift_node/tasks
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-10-13 11:44:52 -0400
committerGitHub <noreply@github.com>2016-10-13 11:44:52 -0400
commite5ee1f1188a778ca6e3b2291d62d89f79417c63e (patch)
tree5255d9a2a0963afdbc8cfe81c9cada376eefed28 /roles/openshift_node/tasks
parent2024a1005d963bf5fe58df04b3e97afe2190f1a7 (diff)
parent08c1c8d33d749bb058319b9fce03eb177ae3d6c5 (diff)
downloadopenshift-e5ee1f1188a778ca6e3b2291d62d89f79417c63e.tar.gz
openshift-e5ee1f1188a778ca6e3b2291d62d89f79417c63e.tar.bz2
openshift-e5ee1f1188a778ca6e3b2291d62d89f79417c63e.tar.xz
openshift-e5ee1f1188a778ca6e3b2291d62d89f79417c63e.zip
Merge pull request #2586 from cgwalters/seboolean-handle-aliases
nfs: Handle seboolean aliases not just in Fedora
Diffstat (limited to 'roles/openshift_node/tasks')
-rw-r--r--roles/openshift_node/tasks/main.yml2
-rw-r--r--roles/openshift_node/tasks/storage_plugins/nfs.yml32
2 files changed, 15 insertions, 19 deletions
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8e9c9f511..64c90db50 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -112,6 +112,8 @@
- name: NFS storage plugin configuration
include: storage_plugins/nfs.yml
+ tags:
+ - nfs
- name: GlusterFS storage plugin configuration
include: storage_plugins/glusterfs.yml
diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml
index 22b539d16..5f99f129c 100644
--- a/roles/openshift_node/tasks/storage_plugins/nfs.yml
+++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml
@@ -3,30 +3,24 @@
action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present"
when: not openshift.common.is_atomic | bool
-- name: Check for existence of virt_use_nfs seboolean
- command: getsebool virt_use_nfs
- register: virt_use_nfs_output
+- name: Check for existence of seboolean
+ command: getsebool {{ item }}
+ register: getsebool_status
when: ansible_selinux and ansible_selinux.status == "enabled"
failed_when: false
changed_when: false
+ with_items:
+ - virt_use_nfs
+ - virt_sandbox_use_nfs
- name: Set seboolean to allow nfs storage plugin access from containers
seboolean:
- name: virt_use_nfs
+ name: "{{ item.item }}"
state: yes
persistent: yes
- when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0
-
-- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL)
- command: getsebool virt_sandbox_use_nfs
- register: virt_sandbox_use_nfs_output
- when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled"
- failed_when: false
- changed_when: false
-
-- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL)
- seboolean:
- name: virt_sandbox_use_nfs
- state: yes
- persistent: yes
- when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0
+ # We need to detect whether or not the boolean is an alias, since `seboolean`
+ # will error if it is an alias. We do this by inspecting stdout for the boolean name,
+ # since getsebool prints the resolved name. (At some point Ansible's seboolean module
+ # should learn to deal with aliases)
+ when: ansible_selinux and ansible_selinux.status == "enabled" and item.rc == 0 and item.stdout.find(item.item) != -1
+ with_items: "{{ getsebool_status.results }}"