Bug 2091684

Summary: Add python38-libselinux package for SELINUX in Ansible
Product: [Fedora] Fedora EPEL
Reporter: gabryel.mason-williams
Component: ansible
Assignee: Kevin Fenzi <kevin>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: epel8
CC: a.badger, dmsimard, kevin, maxwell, patrick
Hardware: x86_64
OS: Linux
Last Closed: 2022-05-31 18:32:12 UTC
Type: Bug

Description gabryel.mason-williams 2022-05-30 17:37:45 UTC
Description of problem:

Due to the recent update to Ansible 5.4.0-2.el8, it now uses python3.8. However, this causes an issue when using the ansible collection "ansible.posix.selinux" for a task. The task will fail as it requires python-libselinux. However, the only package available for python-libselinux is in python3.6, which means that the task using Ansible's built-in collection for selinux will fail as it requires packages in python3.8.

Version-Release number of selected component (if applicable):

5.4.0-2.el8

How reproducible:

100%. There's no python38-libselinux package available.

Steps to Reproduce:
1. Install Ansible
2. Run example task:
```
- name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
    policy: targeted
    state: permissive
```

Actual results:

Error message with: "ModuleNotFoundError: No module named 'selinux'" "Failed to import the required Python library (libselinux-python)."

Expected results:

No error, libselinux to be found and changes required made. 

Additional info:

Comment 1 Maxwell G 2022-05-30 18:22:13 UTC
Are you running this playbook against localhost or a remote host?

Comment 2 gabryel.mason-williams 2022-05-31 08:21:39 UTC
(In reply to Maxwell G from comment #1)
> Are you running this playbook against localhost or a remote host?

The playbook is running against localhost.

Comment 3 Maxwell G 2022-05-31 12:43:12 UTC
You should set `ansible_python_interpreter` to `/usr/bin/python3.6` or `/usr/libexec/platform-python` for localhost in your Ansible inventory. This way, the controller will still run on python3.8, but the actual modules will run on python3.6. It looks like Tomas Orsava recommended the same thing in the Bugzilla you linked.

This will bypass the need to package the selinux module for python3.8. We will still need to package python modules for python3.8 that are needed for ansible plugins that run on the controller (e.g. callback plugins, filter plugins, connection plugins).
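
Added example, not part of the bug thread or of Ansible's own code: a small check that finds which interpreter on the host can import `selinux` and prints the matching inventory entry for comment 3's workaround. The `/usr/bin/python3.8` path, the helper names and the explicit `ansible_connection=local` are assumptions made for this sketch.

```python
import subprocess
import sys

# Paths named in comment 3, then an assumed path for the controller's python3.8.
CANDIDATES = [
    "/usr/bin/python3.6",
    "/usr/libexec/platform-python",
    "/usr/bin/python3.8",
]


def can_import(interpreter, module="selinux", timeout=10):
    """Return True if `interpreter` exists and can import `module`."""
    # Reject anything that is not a dotted module name before building code.
    if not all(part.isidentifier() for part in module.split(".")):
        raise ValueError("not a module name: {!r}".format(module))
    try:
        result = subprocess.run(
            [interpreter, "-c", "import " + module],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        # Interpreter missing or not executable, or the import hung.
        return False
    return result.returncode == 0


def pick_interpreter(candidates=CANDIDATES, module="selinux"):
    """Return the first candidate that can import `module`, or None."""
    for path in candidates:
        if can_import(path, module):
            return path
    return None


def inventory_line(interpreter, host="localhost"):
    """Build an INI inventory entry pinning the module interpreter for `host`."""
    return "{} ansible_connection=local ansible_python_interpreter={}".format(
        host, interpreter)


if __name__ == "__main__":
    chosen = pick_interpreter()
    if chosen is None:
        sys.exit("no candidate interpreter can import selinux")
    print(inventory_line(chosen))
```

Running it on the controller before the playbook shows whether the SELinux bindings are reachable from any interpreter at all, which separates a missing package from a wrong `ansible_python_interpreter`.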

Comment 4 Maxwell G 2022-05-31 12:55:24 UTC
Thank you for the bug report. Please let us know if this fixes your issue.

Comment 5 gabryel.mason-williams 2022-05-31 13:57:59 UTC
Hello, thank you, that has solved the problem.

Comment 6 Maxwell G 2022-05-31 18:32:12 UTC
Great! I've closed this.