openshift/openshift-ansible
1
0
Fork 0
mirror of https://github.com/openshift/openshift-ansible.git synced 2026-02-05 06:46:04 +01:00
Code Issues Releases Activity

OCPBUGS-30802: ipsec: Update the ipsec tasks to ensure that they are idempotent

Browse Source 
** check the number of entries with semanage. If one exists, do not re-run or it could cause install/upgrade failures.
This commit is contained in:
Brent Barbachem
2024-03-27 12:32:40 -04:00
parent 2ef36bec17
commit 6f79fba3c9
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/openshift_node/tasks/ipsec.yml
View File

@@ -15,14 +15,27 @@
path: /var/lib/ipsec/nss
state: directory
- name: check if ipsec dir is empty
find:
paths: /var/lib/ipsec/nss
file_type: any
hidden: true
register: findFiles
- name: determine if selinux context is set
shell: semanage fcontext -l ipsec_key_file_t | grep "/var/lib/ipsec/nss" | wc -l
register: numContextEntries
- name: set nss selinux context
command: semanage fcontext -a -t ipsec_key_file_t /var/lib/ipsec/nss
shell: semanage fcontext -a -t ipsec_key_file_t /var/lib/ipsec/nss
when: numContextEntries.stdout | int < 1
- name: restore nss selinux context so it will be active
command: restorecon -r /var/lib/ipsec/nss
- name: initialize nss db
command: ipsec initnss --nssdir /var/lib/ipsec/nss
when: findFiles.matched == 0
- name: make sure proper selinux label on nss db
command: chcon -R -t ipsec_key_file_t /var/lib/ipsec/nss