
Dependency problem in linux/system/selinux.sls #182

@wasfree


Hi,

Right now this formula will install the general required packages that are defined in map.jinja system.pkgs in linux/system/repo.sls. So if any other system module requires these packages, we need to include system.repo and add require_in. But this will cause us to enable more modules than we expect. In my case I always see refresh_db even if system.repo is not defined in pillars. There are 2 potential solutions for this issue.

  1. Add another if clause after linux_repo_prereq_pkgs to linux/system/repo.sls like {%- if system.repo|length > 0 %}, so the include will only see linux_repo_prereq_pkgs.

  2. Change the pillar structure for selinux in system like this (unfortunately this is not backward compatible if the value was changed):

current:

'RedHat': {
'selinux': 'permissive'
},

new:

'RedHat': {
  'selinux': {
    'pkgs': ['policycoreutils', 'policycoreutils-python'],
    'mode': 'permissive',
  },
},

I would prefer solution 2. This will only affect the RedHat OS family, because linux/system/selinux.sls is only written for this group at the moment.

include:
- linux.system.repo

{%- if grains.os_family == 'RedHat' %}
  {%- set mode = system.selinux %}

{{ mode }}:
  selinux.mode:
    - require:
      - pkg: linux_repo_prereq_pkgs

{%- endif %}

I will add a merge request to fix this dependency issue.
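
Solution 2 sketched as a state file, as an added example that is not part of the original issue or the formula's own code. The `linux_selinux_pkgs` state ID, the `linux/map.jinja` import line and the fallback for an old string-valued `selinux` pillar are assumptions.

```yaml
{#- Added sketch of solution 2; not the formula's actual selinux.sls. -#}
{#- Assumption: map.jinja exposes `system`, as the snippet in the issue implies. #}
{%- from "linux/map.jinja" import system with context %}

{%- if grains.os_family == 'RedHat' %}
  {#- New layout: system.selinux is {'pkgs': [...], 'mode': '...'}.
      An existing pillar may still set selinux to a plain string (old layout);
      in that case treat the string as the mode and use the package list
      named in the issue, so the state does not break on upgrade. #}
  {%- if system.selinux is mapping %}
    {%- set mode = system.selinux.mode %}
    {%- set pkgs = system.selinux.pkgs %}
  {%- else %}
    {%- set mode = system.selinux %}
    {%- set pkgs = ['policycoreutils', 'policycoreutils-python'] %}
  {%- endif %}

# SELinux tooling is installed by this state itself, so linux.system.repo
# no longer has to be included just to reach linux_repo_prereq_pkgs.
linux_selinux_pkgs:
  pkg.installed:
    - pkgs: {{ pkgs | json }}

{{ mode }}:
  selinux.mode:
    - require:
      - pkg: linux_selinux_pkgs
{%- endif %}
```

With no `include` of `linux.system.repo`, applying this state alone does not pull in the repo states, so the unexpected `refresh_db` described above would not be triggered from here.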
