Dependency problem in linux/system/selinux.sls #182

@wasfree

Hi,

right now this formula installs the general required packages, defined in map.jinja as system.pkgs, in linux/system/repo.sls. So if any other system module requires these packages, we need to include system.repo and add require_in. But this causes us to enable more modules than we expect. In my case I always see refresh_db even if system.repo is not defined in the pillars. There are 2 potential solutions for this issue.

  1. Add another if clause after linux_repo_prereq_pkgs in linux/system/repo.sls, like `{%- if system.repo|length > 0 %}`, so the include will only see linux_repo_prereq_pkgs.

  2. Change the pillar structure for selinux in system like this (unfortunately this is not backward compatible if the value was changed):

current:

```jinja
'RedHat': {
    'selinux': 'permissive'
},
```

new:

```jinja
'RedHat': {
    'selinux': {
        'pkgs': ['policycoreutils', 'policycoreutils-python'],
        'mode': 'permissive'
    }
},
```

I would prefer solution 2. This will only affect the RedHat OS family, because linux/system/selinux.sls is only written for this group at the moment.

```yaml
include:
- linux.system.repo

{%- if grains.os_family == 'RedHat' %}
  {%- set mode = system.selinux %}

{{ mode }}:
  selinux.mode:
    - require:
      - pkg: linux_repo_prereq_pkgs

{%- endif %}
```

I will add a merge request to fix this dependency issue.
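
A sketch of how linux/system/selinux.sls could look under solution 2, as an added example that is not part of the original issue or the formula's code. It assumes that linux/map.jinja exports `system`, uses hypothetical state IDs (`linux_selinux_pkgs`, `linux_selinux_mode`), and also accepts the old string form so existing pillars that set `selinux: <mode>` keep rendering.

```yaml
{#- Added example, not the formula's own code.
    Assumption: linux/map.jinja exports `system`, as the issue's snippet implies. -#}
{%- from "linux/map.jinja" import system with context %}

{%- if grains.os_family == 'RedHat' %}
  {#- Package list taken from the pillar structure proposed in the issue. #}
  {%- set default_pkgs = ['policycoreutils', 'policycoreutils-python'] %}

  {%- if system.selinux is mapping %}
    {#- New form: selinux: {pkgs: [...], mode: ...} #}
    {%- set mode = system.selinux.get('mode', 'permissive') %}
    {%- set pkgs = system.selinux.get('pkgs', default_pkgs) %}
  {%- else %}
    {#- Old form: selinux: 'permissive' (plain string from an existing pillar) #}
    {%- set mode = system.selinux %}
    {%- set pkgs = default_pkgs %}
  {%- endif %}

{#- Hypothetical state IDs. The module installs its own packages,
    so linux.system.repo no longer has to be included. #}
linux_selinux_pkgs:
  pkg.installed:
    - pkgs: {{ pkgs | json }}

linux_selinux_mode:
  selinux.mode:
    - name: {{ mode }}
    - require:
      - pkg: linux_selinux_pkgs

{%- endif %}
```

Because the SELinux mode state requires only its own package state, applying it no longer pulls in the repo states or the refresh_db they trigger.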
