From 09754df82fdc33d374877991bc73d0dfaf3c412d Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Thu, 21 May 2020 12:28:05 +0100
Subject: [PATCH] Don't disable SELinux if it is not installed

Kayobe has a role to disable SELinux. Some systems do not have SELinux
installed (this can be reproduced by removing the selinux-policy package
and removing /etc/selinux/config). This causes the selinux
Ansible module to fail, since it can't write to /etc/selinux/config:

    Please install SELinux-policy package, if this package is not
    installed previously.

This change fixes the issue by only disabling SELinux if the config file
exists.

Change-Id: I25c7282c1e8dcdee3e7feddef9d66ca5beeb1bce
Story: 2007704
Task: 39820
---
 ansible/roles/disable-selinux/tasks/main.yml                | 6 ++++++
 .../fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml | 6 ++++++
 2 files changed, 12 insertions(+)
 create mode 100644 releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml

diff --git a/ansible/roles/disable-selinux/tasks/main.yml b/ansible/roles/disable-selinux/tasks/main.yml
index dfa6a50c2..ca82edab5 100644
--- a/ansible/roles/disable-selinux/tasks/main.yml
+++ b/ansible/roles/disable-selinux/tasks/main.yml
@@ -5,11 +5,17 @@
     state: present
   become: True
 
+- name: Check if SELinux configuration file exists
+  stat:
+    path: /etc/selinux/config
+  register: stat_result
+
 - name: Ensure SELinux is disabled
   selinux:
     state: disabled
   register: selinux_result
   become: True
+  when: stat_result.stat.exists
 
 - block:
     - name: Set a fact to determine whether we are running locally
diff --git a/releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml b/releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml
new file mode 100644
index 000000000..32503a09a
--- /dev/null
+++ b/releasenotes/notes/fix-disable-selinux-not-installed-eff17c715efc1fdb.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where disabling SELinux would fail on systems without
+    SELinux installed. See `story 2007704
+    <https://storyboard.openstack.org/#!/story/2007704>`__.