Fix Apparmor libvirt profile removal
The apparmor_parser actually doesn't remove the file or doesn't create the symlink in '/etc/apparmor.d/disable' itself so the next run of the baremetal role will fail with the error "Unable to remove "libvirtd". Even more after reboot, the profile is still active. We need to disable the profile completly ourselves. This change fixes the idempotents of the baremetal role. Closes-Bug: #1960302 Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1 Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
This commit is contained in:
parent
9449bcfb70
commit
75f55d13ad
@ -201,7 +201,11 @@
|
|||||||
when: ansible_facts.distribution == "Ubuntu"
|
when: ansible_facts.distribution == "Ubuntu"
|
||||||
|
|
||||||
- name: Remove apparmor profile for libvirt
|
- name: Remove apparmor profile for libvirt
|
||||||
command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
|
shell: |
|
||||||
|
apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
|
||||||
|
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
|
||||||
|
args:
|
||||||
|
executable: /bin/bash
|
||||||
become: True
|
become: True
|
||||||
when:
|
when:
|
||||||
- ansible_facts.distribution == "Ubuntu"
|
- ansible_facts.distribution == "Ubuntu"
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes the baremetal role to avoid an error "Unable to remove "libvirtd".
|
||||||
|
Now the symlink /etc/apparmor.d/disable/usr.sbin.libvirtd is created by
|
||||||
|
the role.
|
||||||
|
`LP#1960302 <https://bugs.launchpad.net/kolla-ansible/+bug/1960302>`__
|
Loading…
Reference in New Issue
Block a user