How to copy rpm file from local to remote if selinux is enabled

Get Help
, , ,
1

Hi,

I am trying to create one ansible playbook that will copy the rpm file for libselinux-python-2.5-15.el7.x86_64.rpm on the remote machine and then install it so that the rest of the tasks which requires this library can be executed

- name: Copy SELinux library
  copy:
    src: /git/telegraf/libselinux-python-2.5-15.el7.x86_64.rpm
    dest: /tmp/
  tags: packages

- name: Install SELinux library
  yum:
    name: /tmp/libselinux-python-2.5-15.el7.x86_64.rpm
    state: present
    disable_gpg_check: yes
    disablerepo: local
  when: selinux_lib_installed.rc != 0
  tags: package

s

The issue is that selinux is enabled in permissive mode on the remote server.So I am getting this error on copying the rpm itself.

TASK [telegraf : Copy SELinux library] *****************************************

fatal: [ilgss0979]: FAILED! => {“changed”: false, “checksum”: “b19890139b8233801eca80a133b1ae78257d9aa4”, “failed_when_result”: true, “msg”: “Aborting, target uses selinux but python bindings (libselinux-python) aren’t installed!”}

So how can I fix this

2

Hey, Mohammed! It’s telling you that, in order to install that RPM (libselinux-python-2.5-15.el7.x86_64.rpm), a dependent RPM (libselinux-python) ALSO needs to be installed. Is there a reason that you can’t just do an installation of libselinux-python via ansible.builtin.yum? Is the system not connected to software repositories? Copying individual RPMs to the system seems like a terribly convoluted way of doing things. Is this system air-gapped or something?

1 Like
3

Hi @ThomasCameron512 ,

Thanks for the quick response.

Yes.The system is air-gapped.We don’t have internet connectivity to install packages via yum.

4

You can create repositories using the reposync functionality of yum. Have a look at https://www.redhat.com/sysadmin/how-mirror-repository for details. You can mirror the repos on one machine, then copy the repo to a thumb drive and attach to the air-gapped network if that doesn’t violate any security policies. I’ll leave that up to you. But you very well may want to mirror the RHEL 7 repos and make them available on your air-gapped network, it’ll make your life a lot easier.