setup module fails with AttributeError: 'module' object has no attribute 'selinux_getpolicytype' in get_selinux_facts on Fedora Stream 8

[Minivolk02]

Environment:

• Cloud provider or hardware configuration: python3.11

• OS (printf "$(uname -srm)\n$(cat /etc/os-release)\n"): NAME="CentOS Stream" VERSION="8" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Stream 8" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8" REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream

• Version of Ansible (ansible --version):

• Version of Python (python --version): python3.11

Kubespray version (commit) (git rev-parse --short HEAD):

Network plugin used: calico

Full inventory with variables (ansible -i inventory/sample/inventory.ini all -m debug -a "var=hostvars[inventory_hostname]"):

Command used to invoke ansible:

Output of ansible run:

Anything else do we need to know:

[jamallorock]

I have the same problem with oracle linux 8.8 and python 3.11 :

TASK [kubernetes/preinstall : Set selinux policy] ******************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: module 'selinux' has no attribute 'selinux_getpolicytype'
fatal: [redacted]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"<stdin>\", line 107, in <module>\n  File \"<stdin>\", line 99, in _ansiballz_main\n  File \"<stdin>\", line 47, in invoke_module\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_ansible.posix.selinux_payload_vv6y9kx6/ansible_ansible.posix.selinux_payload.zip/ansible_collections/ansible/posix/plugins/modules/selinux.py\", line 347, in <module>\n  File \"/tmp/ansible_ansible.posix.selinux_payload_vv6y9kx6/ansible_ansible.posix.selinux_payload.zip/ansible_collections/ansible/posix/plugins/modules/selinux.py\", line 249, in main\nAttributeError: module 'selinux' has no attribute 'selinux_getpolicytype'\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

[mator]

i have the same error on oracle linux 8 and python 3.11

can't use default python-3.6 because it's too old (actually pip3 from python 3.6 branch is too old, complaining about upgrade) and you can't install ansible or cryptography module with 3.6 python... and python3-libselinux-2.9-8.el8.x86_64 is compiled against python-3.6 , so can't be used with version 3.11

i have to take libselinux-2.9-8.el8.src.rpm sources package, and rebuild it against python3.11:

$ diff -u rpmbuild/SPECS/libselinux.spec_orig rpmbuild/SPECS/libselinux.spec
--- rpmbuild/SPECS/libselinux.spec_orig 2023-03-31 14:44:11.000000000 +0300
+++ rpmbuild/SPECS/libselinux.spec      2023-11-21 17:57:34.663611290 +0300
@@ -40,7 +40,7 @@
 %else
 BuildRequires: libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
 %endif
-BuildRequires: python3 python3-devel
+BuildRequires: python3.11 python3.11-devel
 %if 0%{?with_python2}
 BuildRequires: python2 python2-devel
 %endif

rpm rebuild:

$ yumdownload --source libselinux
$ rpm -ivh libselinux-2.9-8.el8.src.rpm
$ patch -p1 < libselinux-python-3.11.patch
$ rpmbuild -bb rpmbuild/SPECS/libselinux.spec
$ rpm --reinstall rpmbuild/RPMS/x86_64/python3-libselinux-2.9-8.el8.x86_64.rpm

and only after that ansible selinux linux problem vanished. And I suggest to reinstall/restore original python3-libselinux package (linked to python 3.6) after k8s installation.

PS: or don't use oracle linux as a host on which you run kubespray, use some other linux distribution, like ubuntu 22.04, which does not have multiple python versions.

PS2: does it makes sense to patch kubespray to skip selinux setup on oracle linux 8 hosts?

[VannTen]

Upstream issue (look like) : https://github.com/ansible-collections/ansible.posix/issues/502

PS2: does it makes sense to patch kubespray to skip selinux setup on oracle linux 8 hosts?

I would lean towards no, but maybe others have a different opinions...

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[javasparx]

QUICK FIX / HOT FIX FOR LAZY PEOPLE LIKE ME ))

• open selinux config file on the host server cat /etc/selinux/config

• find SELINUXTYPE param, eg. for me it was SELINUXTYPE=targeted, remember value targeted

• edit file selinux.py nano $(kubespray_dir)/.venv/lib/$(which python3)/site-packages/ansible_collections/ansible/posix/plugins/modules/selinux.py

• find line runtime_policy = selinux.selinux_getpolicytype()[1], optionally you can comment the line (put # before the line), and put value from SELINUXTYPE for variable runtime_policy , result in my case:

... #runtime_policy = selinux.selinux_getpolicytype()[1] runtime_policy = 'targeted' ...

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.