stackhpc / ansible-slurm-appliance

A Slurm-based HPC workload management environment, driven by Ansible.

SELinux not disabled by default, causes Prometheus install to fail #432

Open wtripp180901 opened 2 months ago

wtripp180901 commented 2 months ago

Produced using Rocky-9-GenericCloud-Base-9.4-20240523.0.x86_64.qcow2 using a custom (non .stackhpc) environment

TASK [cloudalchemy.prometheus : Install SELinux dependencies]

failed: [testcluster-control] (item=libselinux-python) => {
    "ansible_loop_var": "item",
    "attempts": 5,
    "changed": false,
    "failures": [
        "No package libselinux-python available."
    ],
    "item": "libselinux-python",
    "rc": 1,
    "results": []
}

MSG:

Failed to install some of the specified packages

failed: [testcluster-control] (item=policycoreutils-python) => {
    "ansible_loop_var": "item",
    "attempts": 5,
    "changed": false,
    "failures": [
        "No package policycoreutils-python available."
    ],
    "item": "policycoreutils-python",
    "rc": 1,
    "results": []
}

wtripp180901 commented 2 months ago

Fixed by adding selinux_state: disabled to group_vars; however, the default in environments/common/inventory/group_vars/all/selinux.yml sets

selinux_state: permissive
selinux_policy: targeted

Any reason for this?

verdurin commented 3 weeks ago

Hmm, I saw this, even though I'm using one of the StackHPC images.

sjpb commented 3 weeks ago

selinux is not disabled by default, hence this occurs with any unmodified cookiecutter environment regardless of image. See https://github.com/stackhpc/ansible-slurm-appliance/blob/main/environments/common/inventory/group_vars/all/selinux.yml. We do disable it in CI: https://github.com/stackhpc/ansible-slurm-appliance/blob/main/environments/.stackhpc/inventory/group_vars/selinux/overrides.yml

wtripp180901 commented 2 weeks ago

Prometheus should work with selinux enabled once https://github.com/stackhpc/ansible-slurm-appliance/pull/449 merges
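
Added example, not part of the original thread or the project's code: a small Python triage helper that extracts the missing package names per host from Ansible loop-failure output in the format quoted in the first comment. The function name and the sample text (constructed from that quoted output) are assumptions for illustration.

```python
import json
import re
from collections import defaultdict

# Header of a failed loop item; the JSON result object starts right after "=> ".
FAILED_ITEM = re.compile(r"^failed: \[(?P<host>[^\]]+)\] \(item=(?P<item>[^)]*)\) => ", re.M)
# Message emitted when a package name is not present in any enabled repo.
MISSING_PKG = re.compile(r"^No package (?P<pkg>\S+) available\.$")

# Constructed sample, mirroring the output quoted in the issue.
SAMPLE = r'''TASK [cloudalchemy.prometheus : Install SELinux dependencies]
failed: [testcluster-control] (item=libselinux-python) => {
    "ansible_loop_var": "item",
    "attempts": 5,
    "changed": false,
    "failures": ["No package libselinux-python available."],
    "item": "libselinux-python",
    "rc": 1,
    "results": []
}
MSG:
Failed to install some of the specified packages
failed: [testcluster-control] (item=policycoreutils-python) => {
    "ansible_loop_var": "item",
    "failures": ["No package policycoreutils-python available."],
    "item": "policycoreutils-python",
    "rc": 1
}
'''

def missing_packages(output: str) -> dict[str, list[str]]:
    """Map each host to the package names Ansible reported as unavailable."""
    decoder = json.JSONDecoder()
    missing = defaultdict(list)
    for m in FAILED_ITEM.finditer(output):
        try:
            # raw_decode parses one JSON value and ignores the text after it.
            result, _ = decoder.raw_decode(output, m.end())
        except json.JSONDecodeError:
            continue  # truncated or non-JSON result block: skip it
        if not isinstance(result, dict):
            continue
        for failure in result.get("failures", []):
            hit = MISSING_PKG.match(failure)
            if hit and hit["pkg"] not in missing[m["host"]]:
                missing[m["host"]].append(hit["pkg"])
    return dict(missing)

if __name__ == "__main__":
    print(missing_packages(SAMPLE))
```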