[Ansible] Solution for "(libselinux-python) aren't installed!" for CentOS 6 Playbook

Hello everyone.
I'm Naka, a member of the System Solutions Department, and I have a sudden craving for tsukemen and pasta.

When trying to update or change a manually managed CentOS 6 environment using Ansible, it is easy to encounter the error "(libselinux-python) aren't installed!"

This error can be fixed manually.

However, when there are many machines, it is a hassle to have to handle every one of them manually before you can manage them with Ansible.

So I thought, "It would be easy if I could solve that problem with Ansible," and wrote a Playbook.

This time, we will introduce and explain the "Playbook for resolving '(libselinux-python) aren't installed!' for CentOS 6."

Introduction

  • We do not recommend using CentOS 6.
    This is a temporary solution for cases where CentOS 6 must be used for unavoidable reasons.
  • CentOS 6 is a version that is no longer supported.
    This Playbook is also a temporary solution and is not intended to be recommended.

Basic causes

(libselinux-python) isn't installed!

This error occurs when you use a module that makes changes, such as file operations, and both of the following are true:

  • SELinux is not completely disabled (*1)
  • The libselinux-python package is not installed (*2)

*1. If SELinux is disabled, this error will not occur.
*2. Ansible runs on Python, so this is required for Python to operate SELinux.
* For Python 3, the required libselinux is "python3-libselinux," but this does not appear to be generally available for CentOS 6.

Manual Solution

# sudo yum install libselinux-python

This problem will basically be resolved if you install "libselinux-python" on the target side.

* For Python 3, use "python3-libselinux"

However, because CentOS 6 is EOL, there is a high possibility that yum will not be usable if the repository remains at the default setting.

In that case, you will need to do a local install using wget and rpm from an available repository.

Therefore, handling this manually across multiple environments is quite difficult.

Q. Why change it in a playbook?

A. Not only because it is a hassle to do manual work beforehand when you want to work with Ansible, but also because it is easy to think,
"If manual work is necessary, then I might as well do it all manually." The Playbook is there to prevent that counterproductive outcome.

Therefore, our stance is, "We would like to actively move towards Ansible as much as possible for things that can be done stably with Ansible."

Q. Will it not be compatible with CentOS 7?

A. I think it would be smarter to handle version differences by separating the Playbooks and making judgments/branching at the include/import stage.

I was wondering whether to make it compatible, but it already includes a branch for when "yum" cannot be used, which makes it a bit complicated.

The repository directory hierarchy names may change depending on the OS version, which would further increase the number of branches.

We decided not to include version branching within a single Playbook because we felt it would reduce readability and maintainability.

Execution environment

■ Linux environment
OS: AlmaLinux release 8.5 (WSL2 environment)
Shell: Bash
Docker: 26.1.0, build 9714adc

■ Ansible environment (Docker container in WSL2)
OS: AlmaLinux release 8.9
Ansible: Ansible-core 2.12.10

■ Windows environment
OS: Windows 11 Pro (version: 23H2)
Language setting: Changed to Japanese

■ CentOS 6 environment (Vagrant + VirtualBox)
OS: CentOS 6.9 (bento / centos-6.9)
Vagrant: 2.4.1
VirtualBox: 7.0.18 r162988 (Qt5.15.2)
IP: 192.168.33.15

Ansible 2.12 environment construction procedure

We will use a compatible version (2.12).

The previous article explained how to build Ansible 2.12, so please refer to it:

[Ansible 2.12] Build an Ansible execution environment for CentOS 6 using Docker in WSL2

Playbook

This is intended as a preventative measure: when you run a playbook in a CentOS 6 environment, "if you include/import it first, you can run it without errors."

*Of course, it is also possible to resolve the issue by using this Playbook after the error has occurred.

libselinux-python_wget.yml

This Playbook is loaded using import_tasks in main.yml.
(The author prefers to separate Playbooks for each role to improve reusability, readability, and maintainability.)

---
## Variable default
# wget_repo | default ("http://ftp.iij.ad.jp/pub/linux/centos-vault")

- name: Check SELinux
  ansible.builtin.command:
    cmd: getenforce
  register: SELinux_result

- ansible.builtin.debug:
    var: SELinux_result.stdout

- name: Check libeselinux-python
  ansible.builtin.shell:
    cmd: rpm -aq | grep libselinux-python
  register: rpm_result
  ignore_errors: yes

- ansible.builtin.debug:
    var: rpm_result.stdout

# If SELinux is disabled, Ansible can be run without any additions, so it will not be executed.
# Also, if libselinux-python is already installed, it will not be executed.
- name: yum install libselinux-python
  ansible.builtin.yum:
    name: libselinux-python
    state: present
  register: yum_libselinux_result
  ignore_errors: yes
  when: not ( SELinux_result.stdout is search("disabled") ) and not ( rpm_result.stdout is search("libselinux-python*"))

# If installation with yum fails, install with wget
- name: Setup libselinux-python
  when: yum_libselinux_result is failed and not ( rpm_result.stdout is search("libselinux-python*"))
  block:
    # Since the package name changes depending on the version, store the HTML of the package list in a variable
    - name: Get OS_version Packages
      ansible.builtin.uri:
        url: "{{ wget_repo | default('http://ftp.iij.ad.jp/pub/linux/centos-vault') }}/{{ ansible_distribution_version }}/os/x86_64/Packages/"
        method: GET
        return_content: yes
      register: packages_content

    # Get the rpm name of "libselinux-python" from HTML
    - name: Extract rpm_name
      ansible.builtin.set_fact:
        rpm_name: "{{ packages_content.content | regex_search('libselinux-python-(.*?)\\.x86_64\\.rpm') }}"

    - ansible.builtin.debug:
        var: rpm_name

    # Download with the obtained rpm name
    - name: Download libselinux-python
      ansible.builtin.get_url:
        url: "{{ wget_repo | default('http://ftp.iij.ad.jp/pub/linux/centos-vault') }}/{{ ansible_distribution_version }}/os/x86_64/Packages/{{ rpm_name }}"
        dest: "/tmp/{{ rpm_name }}"

    # Install with rpm for situations where yum cannot be used
    - name: Install libselinux-python
      ansible.builtin.command: rpm -ivh /tmp/"{{ rpm_name }}"

I've written most of my intentions in the comments, but I'll explain them below.

# wget_repo: | default ("http://ftp.iij.ad.jp/pub/linux/centos-vault")

If you cannot use yum, libselinux-python is fetched directly from the repository.

The repository to be used is specified using a variable. A comment is added at the beginning to clearly state that the IIJ repository is used when no variable is specified.

- name: Check SELinux
- name: Check libeselinux-python

In an environment where SELinux is disabled, the fix is not necessary because Ansible will run without "libselinux-python".
First, check the status and store it in a variable for the later condition.

Also, considering that yum may not be usable on CentOS 6, we check whether the package has been installed using rpm from the shell module.
This is also saved in a variable for the later condition.

- name: yum install libselinux-python

This task runs when the SELinux status is not "disabled" and "libselinux-python" is not installed.

It tries installing the package using the yum module, and if the result is Installed or Already Installed, then it's OK.

If "yum" cannot be used and the task fails, execution continues because of "ignore_errors: yes", but the fact that the task failed is stored in a variable for the later condition, and subsequent tasks attempt to retrieve the package directly from the repository.

- name: Setup libselinux-python
when: yum_libselinux_result is failed
block:

This block runs when installation with "yum" fails (the when condition).
It retrieves the package directly from the repository and installs it with rpm.

First, it uses "ansible_distribution_version" from ansible_facts to get the official package name of "libselinux-python" from the directory hierarchy of the repository that matches the minor version of the OS, and saves it as a variable.

Then it uses that variable to download the package with the get_url module and installs it locally using rpm via the command module.
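The block above installs an RPM whose file name is scraped from an HTML listing and which is fetched over plain HTTP, so nothing checks that the file is the genuine CentOS package. As an added example (not part of the original Playbook), the download and install tasks inside the block could be replaced with the tasks below, which validate the scraped name and verify the package signature with rpm -K before installing. It assumes the CentOS 6 signing key shipped by centos-release is present at /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 on the target; the task names and the rpm_sig variable are hypothetical.

```yaml
# Added example, not the article's Playbook. Indent these tasks to sit inside "block:".
# Assumption: /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 exists on the target (centos-release).
- name: Validate the package name scraped from the repository listing
  ansible.builtin.assert:
    that:
      - rpm_name is string
      - rpm_name is match('^libselinux-python-[0-9A-Za-z._-]+[.]x86_64[.]rpm$')
    fail_msg: "Unexpected libselinux-python package name in the repository listing"

- name: Download libselinux-python
  ansible.builtin.get_url:
    url: "{{ wget_repo | default('http://ftp.iij.ad.jp/pub/linux/centos-vault') }}/{{ ansible_distribution_version }}/os/x86_64/Packages/{{ rpm_name }}"
    dest: "/tmp/{{ rpm_name }}"

- name: Import the CentOS 6 signing key into the rpm database
  ansible.builtin.command:
    argv:
      - rpm
      - "--import"
      - /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

- name: Verify the package signature before installing
  ansible.builtin.command:
    argv:
      - rpm
      - "-K"
      - "/tmp/{{ rpm_name }}"
  register: rpm_sig
  changed_when: false
  # rpm -K also exits 0 for an unsigned package (digest-only "sha1 md5 OK"),
  # so additionally require a verified signature token, which rpm prints in
  # lower case (pgp/gpg); upper case means the signature could not be verified.
  failed_when: rpm_sig.rc != 0 or rpm_sig.stdout is not search(' (pgp|gpg) ')

- name: Install libselinux-python
  ansible.builtin.command:
    argv:
      - rpm
      - "-ivh"
      - "/tmp/{{ rpm_name }}"
```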

Example

Inventory file for verification environment

The default setting for CentOS 6 (bento/centos-6.9) was password authentication, and since environments using password authentication (not recommended) may exist, we tested it in this state this time.

---
all:
  vars:
    ansible_user: vagrant
  hosts:
    targetnode:
      ansible_host: 192.168.33.15
      ansible_ssh_pass: vagrant

main.yml

Instead of writing tasks in main.yml, I use import_tasks to load Playbooks.
(The author prefers to separate Playbooks for different roles to improve reusability, readability, and maintainability.)

- name: libselinux-python
  hosts: targetnode
  become: yes
  vars:
    wget_repo: "http://ftp.iij.ad.jp/pub/linux/centos-vault"
  tasks:
    - name: Include libeselinux-python(wget)
      ansible.builtin.import_tasks: libselinux-python_wget.yml

Playbook execution

In this article, we will run it from a container with an older Ansible version.

[root@author's container environment work]# ansible-playbook -i hosts main.yml

Lastly

Although it takes time and effort, I tried to standardize the tasks into Ansible.
I can reuse them many times after that, and it was a good learning experience for me as I got used to Ansible.

There is a high probability that "yum" cannot be used in a CentOS 6 environment, and the hurdle to introducing Ansible tends to be high, so
I hope that this article will give those who read it some motivation to try out Ansible or provide them with some useful knowledge/information.

Thank you for reading this far!



About the author

Naka

I joined Beyond mid-career and am in the System Solutions Department. I have LPIC-3 304 and AWS SAA certifications.