lineinfile module with python3 on remote host with selinux enabled

Archives Ansible Project
1

(Cross posted from AWX group, since it’s more of an Ansible question)

I’m dealing with selinux (which I am new to), that I can’t disable in a shared env.
Remote is running python 3.5 and it’s mostly fine with the exception of these file editing modules.
They run into an issue with the libselinux-python module, which I’ve installed but the python3 version seems to have some changes.
Is this still pending support for running under python3 on the remote, or what am I missing here to get my modules working with a python3 remote and selinux?

Task:
- name: Update dockerd options and restart
lineinfile:
path: /etc/sysconfig/docker
regexp: '^OPTIONS=.*?'
insertafter: '^OPTIONS='
line: "--selinux-enabled --log-driver=journald --signature-verification=false -G dockerroot"

Output:

{
"_ansible_parsed": false,
"_ansible_no_log": false,
"module_stderr": "Shared connection to bobshost closed.\r\n",
"changed": false,
"module_stdout": "Traceback (most recent call last):\r\n File \"/home/bob/.ansible/tmp/ansible-tmp-1552573804.16-6957933190533/AnsiballZ_lineinfile.py\",
line 113, in <module>\r\n _ansiballz_main()\r\n File \"/home/bob/.ansible/tmp/ansible-tmp-1552573804.16-6957933190533/AnsiballZ_lineinfile.py\",
line 105, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File \"/home/bob/.ansible/tmp/ansible-tmp-1552573804.16-6957933190533/AnsiballZ_lineinfile.py\",
line 48, in invoke_module\r\n imp.load_module('__main__', mod, module, MOD_DESC)\r\n File \"/usr/local/lib/python3.5/imp.py\",
line 234, in load_module\r\n return load_source(name, filename, file)\r\n File \"/usr/local/lib/python3.5/imp.py\",
line 170, in load_source\r\n module = _exec(spec, sys.modules[name])\r\n File \"<frozen importlib._bootstrap>\",
line 626, in _exec\r\n File \"<frozen importlib._bootstrap_external>\",
line 662, in exec_module\r\n File \"<frozen importlib._bootstrap>\",
line 222, in _call_with_frames_removed\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/__main__.py\",
line 524, in <module>\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/__main__.py\",
line 515, in main\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/__main__.py\",
line 388, in present\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/__main__.py\",
line 220, in write_changes\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py\",
line 2521, in atomic_move\r\n File \"/tmp/ansible_lineinfile_payload_u1z_8ygt/ansible_lineinfile_payload.zip/ansible/module_utils/basic.py\",
line 1038, in selinux_enabled\r\nAttributeError: module 'selinux' has no attribute 'is_selinux_enabled'\r\n",
"rc": 1,
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

2

How did you install libselinux-python for python3? It is not available on pypi in any useful manner. The selinux python package on pypi is empty.

Typically speaking, you have to use the python version that your OS defaults to, in order to use the python selinux bindings.

We have been discussing how we might be able to support something like this for RHEL7, and I have a proof of concept way of building a libselinux-python wheel file that can be installed (https://github.com/sivel/libselinux-python-wheels), depending on SCL, but that is far from being a recommendation at this point.

3

That explains it. Didn’t realize the pypi package was empty (or think to check, oops). TYVM.
I have a python setup in a git repo I ship around between servers since we have a lot of custom and compiled stuff already, so I’m fairly well positioned to give your POC a try and will give any relevant feedback over there.

Thanks!