Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1687729

Summary: Code Change - Use dedicated Ansible module for manageing SELinux file context
Product: [oVirt] ovirt-engine-metrics Reporter: Jan Zmeskal <jzmeskal>
Component: GenericAssignee: Shirly Radco <sradco>
Status: CLOSED CURRENTRELEASE QA Contact: Lucie Leistnerova <lleistne>
Severity: low Docs Contact:
Priority: low    
Version: 1.2.0.2CC: bugs, lleistne, sradco
Target Milestone: ovirt-4.4.0Keywords: CodeChange
Target Release: ---Flags: sradco: ovirt-4.4?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 20:00:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Metrics RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Zmeskal 2019-03-12 09:14:48 UTC
Description of problem:
In install_okd.yaml playbook we use shell Ansible module to manipulate SELinux file context, see here: https://gerrit.ovirt.org/#/c/97643/48/roles/oVirt.metrics-store-installation/templates/install_okd.yaml.template@56

According to Ansible documentation and best practices, using shell and command modules should be avoided unless absolutely necessary, since it:
- makes the code less maintainable
- makes the code less readable
- loses Ansible's idempotency

sefcontext Ansible module looks like a perfect fit for this: https://docs.ansible.com/ansible/latest/modules/sefcontext_module.html
According to its documentation, it's "similar to the semanage fcontext command". So it looks like it should be capable of the very same thing we do with shell module now.

Verification steps: Check that install_okd.yaml does not use shell module for task with name "Fixup SELinux permissions for elasticsearch".

Comment 2 Sandro Bonazzola 2020-05-20 20:00:22 UTC
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020.

Since the problem described in this bug report should be
resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.