ansible-role-samba icon indicating copy to clipboard operation
ansible-role-samba copied to clipboard

Published 20 hours ago verified publisher icon bertvv

Changed selinux_packages for CentOS 8

Open tvartom opened this issue 5 years ago • 9 comments
trafficstars

The selinux_package libsemanage-python is replaced by python3-libsemanage in CentOS 8. I had to tweak the including of OS specific variables to handle different versions. Possibly, it is the same for RHEL 8, but I have no chance to test it, and it is a bit strange to make an include which mixes ansible_os_family with the version of the distribution.

tvartom avatar Jan 07 '20 22:01 tvartom

A simpler solution would be to just edit vars/os_RedHat.yml With: samba_selinux_packages: - "{{ 'python3-libsemanage' if ansible_distribution_major_version|int >= 8 else 'libsemanage-python' }}" if someone can confirm that RHEL 8 also need the same change. (Above code is not tested)

tvartom avatar Jan 08 '20 08:01 tvartom

I've suggested a very similar approach in the issue #54 but also only tested on CentOS 8, though I don't see why there should be a difference with RHEL 8.

ericzolf avatar Jun 03 '20 15:06 ericzolf

And I realise that it is just a different approach to previous PR #46

ericzolf avatar Jun 03 '20 15:06 ericzolf

Needed for Fedora 32 server too

yodatak avatar Jun 05 '20 01:06 yodatak

I think it would be better to detect the python version on the target and use that to determine which python package should be installed.

For example:

- name: Install SELinux python package
  package:
    name: "{{ samba_python2_selinux_packages }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled' and ansible_python.version.major < 3
  tags: samba

- name: Install SELinux python3 package
  package:
    name: "{{ samba_selinux_packages }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled' and ansible_python.version.major == 3
  tags: samba

where

samba_selinux_packages:
  - python3-libsemanage

samba_python2_selinux_packages:
  - libsemanage-python

@bertvv do you need some help in maintaining this role? It seems a lot of PRs are open with valid fixes but nothing is getting merged ...

aairey avatar Nov 13 '20 21:11 aairey

@aairey basing the decision on the python version could be a good idea, but I don't think it works under ArchLinux and your code could be made simpler:

- name: Install SELinux python3 package
  package:
    name: "{{ samba_selinux_packages[ansible_python.version.major] }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled'
  tags: samba

where the variable is a dictionary of lists:

# RedHat
samba_selinux_packages:
  2:
  - libsemanage-python
  3:
  - python3-libsemanage
#ArchLinux
samba_selinux_packages
  2: [ ]
  3: [ ]

Once Python 4 is out, you only add a new key to the dictionary.

ericzolf avatar Nov 14 '20 06:11 ericzolf

... but I don't think it works under ArchLinux ...

Did you run gather_facts for the target node before reaching this point? Because that is required to get the ansible facts populated.

aairey avatar Nov 15 '20 10:11 aairey

Nothing to do with facts, I didn't try as I don't have ArchLinux, but I couldn't find an ArchLinux package containing the name libsemanage even though it uses Python 3. And, generally, I'm trying to avoid successive when statements as it means useless "skip" messages and doesn't scale well with the number of cases.

ericzolf avatar Nov 15 '20 10:11 ericzolf

@ericzolf it wasn't clear why "it did not work" on ArchLinux from your message. I suspected it was complaining about the ansible_python variable not being set as this role does not issue a gather_facts.

Anyways, I think you need selinux-python from the AUR on ArchLinux (and selinux-python2 for Python2). https://wiki.archlinux.org/index.php/SELinux

aairey avatar Nov 16 '20 13:11 aairey