From d6047e6f41b793a54389a94d19ac740293b1bed6 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Thu, 30 Jun 2022 17:22:33 +0200
Subject: [PATCH] what a giant mess

---
 roles/rke2/handlers/main.yml     |  7 +++++++
 roles/rke2/tasks/fix_selinux.yml | 24 ++++++++++++------------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/roles/rke2/handlers/main.yml b/roles/rke2/handlers/main.yml
index 75b35a8..5389b9e 100644
--- a/roles/rke2/handlers/main.yml
+++ b/roles/rke2/handlers/main.yml
@@ -14,6 +14,13 @@
     enabled: yes
     state: restarted
     daemon_reload: yes
+  notify:
+     - enable SELinux
+
+- name: enable SELinux
+  selinux:
+    policy: targeted
+    state: enforcing
 
 - name: reload rke2
   ansible.builtin.systemd:
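Review bot: Chaining `enable SELinux` off this restart handler means the host returns to enforcing mode only if the restart handler is notified and the play reaches the handler flush. The last hunk in roles/rke2/tasks/fix_selinux.yml comments out the unconditional `Enable SELinux` task, so if the role sets permissive mode elsewhere (not visible here), a failed earlier task or a re-run that does not trigger the restart would leave the node permissive, which is fail-open. Consider keeping an unconditional enforcing task at the end of fix_selinux.yml, or wrapping the permissive window in a `block:` with the enforcing step under `always:`. The new handler also uses the short module name `selinux:` while the neighbouring handler is fully qualified; `ansible.posix.selinux:` would match. The handler that receives the new `notify:` starts above the hunk.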
diff --git a/roles/rke2/tasks/fix_selinux.yml b/roles/rke2/tasks/fix_selinux.yml
index bc73ce7..af34d12 100644
--- a/roles/rke2/tasks/fix_selinux.yml
+++ b/roles/rke2/tasks/fix_selinux.yml
@@ -3,14 +3,14 @@
     timeout: 45
   delegate_to: localhost
 
-- name: kill the openstack ccm pods to make sure they boot in permissive mode
-  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
-  register: openstack_ccm_ready
-  until: openstack_ccm_ready.stdout
-  retries: 2
-  delay: 30
-  when: ( 'master' in group_names )
-  ignore_errors: True
+#- name: kill the openstack ccm pods to make sure they boot in permissive mode
+#  shell: "/var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml rollout restart -n kube-system ds openstack-cloud-controller-manager "
+#  register: openstack_ccm_ready
+#  until: openstack_ccm_ready.stdout
+#  retries: 2
+#  delay: 30
+#  when: ( 'master' in group_names )
+#  ignore_errors: True
 
 - name: Sleep for another 30 seconds so that the OS-CCM has had time to boot up
   ansible.builtin.wait_for:
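Review bot: The rollout-restart task is commented out rather than removed, so the following `Sleep for another 30 seconds ...` wait no longer has a restart to wait for and now runs directly after the earlier `timeout: 45` wait. If the restart is no longer needed, delete the block and reconsider the wait task, whose body continues outside the hunk. If it is only disabled for now, add a one-line comment above it stating why, e.g. `# disabled: <reason>`. The same applies to the commented-out `Enable SELinux` task in the last hunk of this file; version control already preserves the old text.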
@@ -40,7 +40,7 @@
 #   ignore_errors: True
 
 
-- name: Enable SELinux
-  selinux:
-    policy: targeted
-    state: enforcing
\ No newline at end of file
+# - name: Enable SELinux
+#   selinux:
+#     policy: targeted
+#     state: enforcing
\ No newline at end of file
-- 
GitLab