Remove chrony package if containerized chrony is enabled

This patch is removing chrony package from docker host when containerized chrony is enabled. It is also fixing issue with chrony container running under Ubuntu docker host as noted below. + exec /usr/sbin/chronyd -d -f /etc/chrony/chrony.conf 2020-06-08T08:19:09Z chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG) 2020-06-08T08:19:09Z Fatal error : Could not open configuration file /etc/chrony/chrony.conf : Permission denied Added also removal apparmor profile for ubuntu when containerized chrony is enabled, as chrony's package is not removing apparmor profile, and therefore containerized chrony is not working. Change-Id: Icf3bbae38b9f5630b69d5c8cf6a8bee11786a836 Closes-Bug: #1882513

Remove chrony package if containerized chrony is enabled
3d747b72 · Michal Arbet · 03b6aaf3 · 3d747b72 · 3d747b72 · 3d747b72
Commit 3d747b72 authored 4 years ago by Michal Arbet
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -60,11 +60,13 @@ ubuntu_pkg_removals:
 - lxc
 - libvirt-bin
 - open-iscsi
+ - "{% if enable_chrony | bool %}chrony{% endif %}"

 redhat_pkg_removals:
 - libvirt
 - libvirt-daemon
 - iscsi-initiator-utils
+ - "{% if enable_chrony | bool %}chrony{% endif %}"

 # Path to a virtualenv in which to install python packages. If None, a
 # virtualenv will not be used.

--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -146,6 +146,22 @@
    - ansible_distribution == "Ubuntu"
    - apparmor_libvirtd_profile.stat.exists

+- name: Get stat of chronyd apparmor profile
+  stat:
+    path: /etc/apparmor.d/usr.sbin.chronyd
+  register: apparmor_chronyd_profile
+  when:
+    - ansible_os_family == "Debian"
+    - enable_chrony | bool
+
+- name: Remove apparmor profile for chrony
+  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.chronyd
+  become: True
+  when:
+    - ansible_os_family == "Debian"
+    - enable_chrony | bool
+    - apparmor_chronyd_profile.stat.exists
+
 - name: Create docker group
  group:
    name: docker

--- a/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
+++ b/releasenotes/notes/bug-1882513-chrony-permission-denied-917b3bffc5cdb38d.yaml
+---
+fixes:
+  - |
+    Removing chrony package and AppArmor profile from docker host if
+    containerized chrony is enabled.
+    `LP#1882513 <https://bugs.launchpad.net/kolla-ansible/+bug/1882513>`__