Fix Apparmor libvirt profile removal

The apparmor_parser actually doesn't remove the file or doesn't create the symlink in '/etc/apparmor.d/disable' itself so the next run of the baremetal role will fail with the error "Unable to remove "libvirtd". Even more after reboot, the profile is still active. We need to disable the profile completly ourselves. This change fixes the idempotents of the baremetal role. Closes-Bug: #1960302 Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1 Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

Fix Apparmor libvirt profile removal
75f55d13 · Maksim Malchuk · 9449bcfb · 75f55d13 · 75f55d13
Commit 75f55d13 authored 3 years ago by Maksim Malchuk
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -201,7 +201,11 @@
  when: ansible_facts.distribution == "Ubuntu"

 - name: Remove apparmor profile for libvirt
-  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
+  shell: |
+    apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
+    ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
+  args:
+    executable: /bin/bash
  become: True
  when:
    - ansible_facts.distribution == "Ubuntu"

--- a/releasenotes/notes/fix-apparmor-libvirt-profile-removal-01db6ca6dd66879f.yaml
+++ b/releasenotes/notes/fix-apparmor-libvirt-profile-removal-01db6ca6dd66879f.yaml
+---
+fixes:
+  - |
+    Fixes the baremetal role to avoid an error "Unable to remove "libvirtd".
+    Now the symlink /etc/apparmor.d/disable/usr.sbin.libvirtd is created by
+    the role.
+    `LP#1960302 <https://bugs.launchpad.net/kolla-ansible/+bug/1960302>`__