--- - name: Install GlusterFS storage plugin dependencies package: name=glusterfs-fuse state=present when: not openshift_is_atomic | bool register: result until: result is succeeded - name: Check for existence of fusefs sebooleans command: getsebool {{ item }} register: fusefs_getsebool_status when: - ansible_selinux - ansible_selinux.status == "enabled" failed_when: false changed_when: false with_items: - virt_use_fusefs - virt_sandbox_use_fusefs - name: Set seboolean to allow gluster storage plugin access from containers seboolean: name: "{{ item.item }}" state: yes persistent: yes when: - ansible_selinux - ansible_selinux.status == "enabled" - item.rc == 0 # We need to detect whether or not the boolean is an alias, since `seboolean` # will error if it is an alias. We do this by inspecting stdout for the boolean name, # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ansible_python_version is version_compare('3', '<') with_items: "{{ fusefs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 # Use command module rather than seboolean module to set GlusterFS booleans. # TODO: Remove this task and the ansible_python_version comparison in # the previous task when the problem has been addressed in current # ansible release. - name: Set seboolean to allow gluster storage plugin access from containers (python 3) command: > setsebool -P {{ item.item }} on when: - ansible_selinux - ansible_selinux.status == "enabled" - item.rc == 0 # We need to detect whether or not the boolean is an alias, since `seboolean` # will error if it is an alias. We do this by inspecting stdout for the boolean name, # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - ansible_python_version is version_compare('3', '>=') with_items: "{{ fusefs_getsebool_status.results }}"