--- - name: Install NFS storage plugin dependencies package: name=nfs-utils state=present when: not openshift_is_atomic | bool register: result until: result is succeeded - name: Check for existence of nfs sebooleans command: getsebool {{ item }} register: nfs_getsebool_status when: - ansible_selinux - ansible_selinux.status == "enabled" failed_when: false changed_when: false with_items: - virt_use_nfs - virt_sandbox_use_nfs - name: Set seboolean to allow nfs storage plugin access from containers seboolean: name: "{{ item.item }}" state: yes persistent: yes when: - ansible_selinux - ansible_selinux.status == "enabled" - item.rc == 0 # We need to detect whether or not the boolean is an alias, since `seboolean` # will error if it is an alias. We do this by inspecting stdout for the boolean name, # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ansible_python_version is version_compare('3', '<') with_items: "{{ nfs_getsebool_status.results }}" # Workaround for https://github.com/openshift/openshift-ansible/issues/4438 # Use command module rather than seboolean module to set NFS booleans. # TODO: Remove this task and the ansible_python_version comparison in # the previous task when the problem has been addressed in current # ansible release. - name: Set seboolean to allow nfs storage plugin access from containers (python 3) command: > setsebool -P {{ item.item }} on when: - ansible_selinux - ansible_selinux.status == "enabled" - item.rc == 0 # We need to detect whether or not the boolean is an alias, since `seboolean` # will error if it is an alias. We do this by inspecting stdout for the boolean name, # since getsebool prints the resolved name. (At some point Ansible's seboolean module # should learn to deal with aliases) - item.item in item.stdout # Boolean does not have an alias. - ('--> off' in item.stdout) # Boolean is currently off. - ansible_python_version is version_compare('3', '>=') with_items: "{{ nfs_getsebool_status.results }}"