Changed selinux_packages for CentOS 8

[tvartom]

The selinux_package libsemanage-python is replaced by python3-libsemanage in CentOS 8.
I had to tweak the including of OS specific variables to handle different versions. Possibly, it is the same for RHEL 8, but I have no chance to test it, and it is a bit strange to make an include which mixes ansible_os_family with the version of the distribution.

[tvartom]

A simpler solution would be to just edit vars/os_RedHat.yml
With:
samba_selinux_packages:
- "{{ 'python3-libsemanage' if ansible_distribution_major_version|int >= 8 else 'libsemanage-python' }}"
if someone can confirm that RHEL 8 also need the same change.
(Above code is not tested)

[ericzolf]

I've suggested a very similar approach in the issue #54 but also only tested on CentOS 8, though I don't see why there should be a difference with RHEL 8.

[ericzolf]

And I realise that it is just a different approach to previous PR #46

[yodatak]

Needed for Fedora 32 server too

[aairey]

I think it would be better to detect the python version on the target and use that to determine which python package should be installed.

For example:

- name: Install SELinux python package
  package:
    name: "{{ samba_python2_selinux_packages }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled' and ansible_python.version.major < 3
  tags: samba

- name: Install SELinux python3 package
  package:
    name: "{{ samba_selinux_packages }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled' and ansible_python.version.major == 3
  tags: samba

where

samba_selinux_packages:
  - python3-libsemanage

samba_python2_selinux_packages:
  - libsemanage-python

@bertvv do you need some help in maintaining this role?
It seems a lot of PRs are open with valid fixes but nothing is getting merged ...

[ericzolf]

@aairey basing the decision on the python version could be a good idea, but I don't think it works under ArchLinux and your code could be made simpler:

- name: Install SELinux python3 package
  package:
    name: "{{ samba_selinux_packages[ansible_python.version.major] }}"
    state: present
  when: ansible_selinux is defined and ansible_selinux.status == 'enabled'
  tags: samba

where the variable is a dictionary of lists:

# RedHat
samba_selinux_packages:
  2:
  - libsemanage-python
  3:
  - python3-libsemanage
#ArchLinux
samba_selinux_packages
  2: [ ]
  3: [ ]

Once Python 4 is out, you only add a new key to the dictionary.

[aairey]

... but I don't think it works under ArchLinux ...

Did you run gather_facts for the target node before reaching this point?
Because that is required to get the ansible facts populated.

[ericzolf]

Nothing to do with facts, I didn't try as I don't have ArchLinux, but I couldn't find an ArchLinux package containing the name libsemanage even though it uses Python 3. And, generally, I'm trying to avoid successive when statements as it means useless "skip" messages and doesn't scale well with the number of cases.

[aairey]

@ericzolf it wasn't clear why "it did not work" on ArchLinux from your message.
I suspected it was complaining about the ansible_python variable not being set as this role does not issue a gather_facts.

Anyways, I think you need selinux-python from the AUR on ArchLinux (and selinux-python2 for Python2).
https://wiki.archlinux.org/index.php/SELinux