From 0ee833432eb5d2b4998002c495ff08a65a3b26c6 Mon Sep 17 00:00:00 2001
From: Dimitri Savineau
Date: Thu, 18 Apr 2019 10:02:12 -0400
Subject: [PATCH] ceph-nfs: apply selinux fix anyway
Because ansible_distribution_version doesn't return minor version on CentOS with ansible 2.8 we can apply the selinux anyway but only for CentOS/RHEL 7. Starting RHEL 8, there's a dedicated package for selinux called nfs-ganesha-selinux [1]. Also replace the command module + semanage by the selinux_permissive module. [1] https://github.com/nfs-ganesha/nfs-ganesha/commit/a7911f
Signed-off-by: Dimitri Savineau
---
 roles/ceph-nfs/tasks/ganesha_selinux_fix.yml | 41 +++++++++++----------
 roles/ceph-nfs/tasks/main.yml | 1 -
 2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml b/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
index b07b7c06e..2d568af0a 100644
--- a/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
+++ b/roles/ceph-nfs/tasks/ganesha_selinux_fix.yml
@@ -6,25 +6,28 @@
 failed_when: false
 check_mode: no
-- name: install policycoreutils-python to get semanage
- package:
- name: policycoreutils-python
- state: present
- register: result
- until: result is succeeded
+- name: if selinux is not disable
 when: selinuxstatus.stdout != 'Disabled'
+ block:
+ - name: install policycoreutils-python
+ package:
+ name: policycoreutils-python
+ state: present
+ register: result
+ until: result is succeeded
+ when: ansible_distribution_major_version == '7'
-- name: test if ganesha_t is already permissive
- shell: |
- semanage permissive -l | grep -soq ganesha_t
- changed_when: false
- failed_when: false
- register: ganesha_t_permissive
+ - name: add ganesha_t to permissive domain
+ selinux_permissive:
+ name: ganesha_t
+ permissive: true
+ failed_when: false
+ when: ansible_distribution_major_version == '7'
-- name: run semanage permissive -a ganesha_t
- command: semanage permissive -a ganesha_t
- changed_when: false
- failed_when: false
- when:
- - selinuxstatus.stdout != 'Disabled'
- - ganesha_t_permissive.rc != 0
+ - name: install nfs-ganesha-selinux on RHEL 8
+ package:
+ name: nfs-ganesha-selinux
+ state: present
+ register: result
+ until: result is succeeded
+ when: ansible_distribution_major_version == '8'
diff --git a/roles/ceph-nfs/tasks/main.yml b/roles/ceph-nfs/tasks/main.yml
index 7c3821ec8..e1c71978f 100644
--- a/roles/ceph-nfs/tasks/main.yml
+++ b/roles/ceph-nfs/tasks/main.yml
@@ -24,7 +24,6 @@
 when:
 - not containerized_deployment
 - ansible_os_family == 'RedHat'
- - ansible_distribution_version >= '7.4'
 - name: include start_nfs.yml
 import_tasks: start_nfs.yml
-- 
2.39.5
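Review bot: In roles/ceph-nfs/tasks/ganesha_selinux_fix.yml the new `add ganesha_t to permissive domain` task keeps `failed_when: false`, so a failing `selinux_permissive` call is never marked failed and the play continues with the domain's state unknown. I would drop that line, or `register:` the result and emit a warning, so operators can tell whether ganesha_t actually ended up permissive. The task also deserves a comment stating what it costs, e.g. `# EL7 only: ganesha_t is set permissive, so SELinux logs but no longer blocks the NFS-Ganesha daemon`. The last task matches `ansible_distribution_major_version == '8'` exactly, so a later major release would get neither the permissive domain nor the policy package; `ansible_distribution_major_version is version('8', '>=')` looks closer to the intent, assuming nfs-ganesha-selinux keeps shipping there. The task that registers `selinuxstatus` starts above this hunk.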