From bc4c7edbadc894261289fa9f9f8f8832e3aa06ea Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Fri, 23 Dec 2022 06:58:18 -0600
Subject: [PATCH] r/base: Clear facts after installing python-selinux
If the Python bindings for SELinux policy management are not installed when Ansible gathers host facts, no SELinux-related facts will be set. Thus, any tasks that are conditional based on these facts will not run. Typically, such tasks are required for SELinux-enabled hosts, but must not be performed for non-SELinux hosts. If they are not run when they should, the deployment may fail or applications may experience issues at runtime. To avoid these potential issues, the *base* role now forces Ansible to gather facts again if it installed the Python SELinux bindings. Note: one might suggest using `meta: clear_facts` instead of `setup` and letting Ansible decide if and when to gather facts again. Unfortunately, this for some reason doesn't work; the `clear_facts` meta task just causes Ansible to crash with a "shared connection to {host} closed."
---
 roles/base/handlers/main.yml | 2 ++
 roles/base/tasks/main.yml | 2 ++
 2 files changed, 4 insertions(+)
 create mode 100644 roles/base/handlers/main.yml
diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml
new file mode 100644
index 0000000..f603197
--- /dev/null
+++ b/roles/base/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: gather facts
+ setup:
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5df1ad1..a7efad4 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -10,6 +10,8 @@
 package:
 name: '{{ selinux_python_libs }}'
 state: present
+ notify:
+ - gather facts
 tags:
 - install
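Review bot: The new handler in roles/base/handlers/main.yml has no comment saying why it runs `setup` instead of `meta: clear_facts`; that reasoning exists only in the commit message. A later cleanup could plausibly swap it back and reintroduce the connection crash. I would add above the handler `# Re-run setup so SELinux facts exist once the Python bindings are installed; meta: clear_facts crashed the connection here.` The name `gather facts` is also very generic: role handlers share one namespace per play, and when two handlers have the same name only the last one loaded is run. A more specific name such as `refresh facts after installing selinux bindings` avoids a silent collision with another role.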
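Review bot: In roles/base/tasks/main.yml the added `notify` only queues the `gather facts` handler, and Ansible runs notified handlers at the end of the tasks section by default, not right after the install task. Any task later in this role, or in a role applied after it in the same play, that is conditional on the SELinux facts would therefore still see them unset on the first run. That is the case the commit message sets out to fix, and on an SELinux-enabled host it means the SELinux-specific steps are skipped. The rest of the file is outside this hunk, so unless it already flushes handlers, add `- meta: flush_handlers` directly after this task. It is worth confirming on a host without the bindings that `ansible_selinux` is populated before the next conditional task.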