Fix remove libvirt apparmor disabled profile

The bootstrap process tries to removes existing apparmor profiles but doesn't consider the case where those are disabled. This change fixes the scenario where the libvirt profile exists but is disabled. Closes-Bug: 1909874 Change-Id: Ied0f2acc420bd5cf1e092c8aee358cba35bd8d5d
2021-01-02 11:55:12 -08:00 · 2021-01-02 11:55:12 -08:00 · 891ec51dd4
commit 891ec51dd4
parent 045c2f1565
2 changed files with 13 additions and 0 deletions
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -152,12 +152,19 @@
  register: apparmor_libvirtd_profile
  when: ansible_distribution == "Ubuntu"

+- name: Get stat of libvirtd apparmor disable profile
+  stat:
+    path: /etc/apparmor.d/disable/usr.sbin.libvirtd
+  register: apparmor_libvirtd_disable_profile
+  when: ansible_distribution == "Ubuntu"
+
 - name: Remove apparmor profile for libvirt
  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
  become: True
  when:
    - ansible_distribution == "Ubuntu"
    - apparmor_libvirtd_profile.stat.exists
+    - not apparmor_libvirtd_disable_profile.stat.exists

 - name: Get stat of chronyd apparmor profile
  stat:
--- a/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml
+++ b/releasenotes/notes/fix-remove-libvirt-apparmor-disabled-profile-2cab584eec729b71.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where the Libvirt AppArmor profile is disable and the
+    bootstrap-servers process tries to remove it. See `bug 1909874
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1909874>`__ for details.