From 7582fe41352f3356b1f7e09325a8ec051e1c8610 Mon Sep 17 00:00:00 2001 From: Adam DeConinck Date: Fri, 22 Apr 2022 22:04:40 +0000 Subject: [PATCH] Check for SELinux disabled in Ansible tasks In tasks that interact with SELinux, add a check so we skip the task if SELinux is fully disabled (rather than just in permissive mode) --- roles/nvidia-dgx/tasks/configure-raid.yml | 4 +++- roles/slurm/tasks/controller.yml | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/nvidia-dgx/tasks/configure-raid.yml b/roles/nvidia-dgx/tasks/configure-raid.yml index 44c3e9b23..e0e091414 100644 --- a/roles/nvidia-dgx/tasks/configure-raid.yml +++ b/roles/nvidia-dgx/tasks/configure-raid.yml @@ -14,5 +14,7 @@ - name: Restore SELinux label on RAID array command: restorecon /raid - when: ansible_os_family == 'RedHat' + when: + - ansible_os_family == 'RedHat' + - (ansible_selinux is defined) and (ansible_selinux.status != "disabled") notify: restart cachefilesd diff --git a/roles/slurm/tasks/controller.yml b/roles/slurm/tasks/controller.yml index cdb2da46d..2cfbfe5a7 100644 --- a/roles/slurm/tasks/controller.yml +++ b/roles/slurm/tasks/controller.yml @@ -39,11 +39,15 @@ target: '/lib64(/.*)?' setype: mysqld_db_t state: present - when: ansible_os_family == "RedHat" + when: + - ansible_os_family == "RedHat" + - (ansible_selinux is defined) and (ansible_selinux.status != "disabled") - name: Apply new SELinux file context to filesystem command: restorecon -irv /lib64 - when: ansible_os_family == "RedHat" + when: + - ansible_os_family == "RedHat" + - (ansible_selinux is defined) and (ansible_selinux.status != "disabled") - name: start mariadb systemd: