Description of problem: In install_okd.yaml playbook we use shell Ansible module to manipulate SELinux file context, see here: https://gerrit.ovirt.org/#/c/97643/48/roles/oVirt.metrics-store-installation/templates/install_okd.yaml.template@56 According to Ansible documentation and best practices, using shell and command modules should be avoided unless absolutely necessary, since it: - makes the code less maintainable - makes the code less readable - loses Ansible's idempotency sefcontext Ansible module looks like a perfect fit for this: https://docs.ansible.com/ansible/latest/modules/sefcontext_module.html According to its documentation, it's "similar to the semanage fcontext command". So it looks like it should be capable of the very same thing we do with shell module now. Verification steps: Check that install_okd.yaml does not use shell module for task with name "Fixup SELinux permissions for elasticsearch".
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.