I run an Alma 8/9 estate and use Ansible to deploy various config changes, and I’ve run into an unusual problem on one of my client boxes. Alma 8 by standard comes with python 3.6, which works quite happily with my AWX server for pushing out playbooks, but because of an application requirement I installed python 3.8 and flipped it to be the default version used by the box using the “alternatives –config python3” command.

When I came to next deploy an Ansible playbook to the box the connection failed with the following error:

"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"

The server has python3-libselinux installed by default, but there doesn’t seem to be an equivalent python38-libselinux package. After a bit of research I installed the “selinux” python module via pip. This resolved the connectivity issue, but looks to cause a knock on problem in that files modified by the playbook lose their correct SELinux context and instead receive default ones:

[alex@dcbutlnprdnb01 zabbix]# ls -lZ
total 124
-rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0   385 Dec 21 10:49 zabbix_agentd.conf

Correct SELinux contexts prior to running the playbook, for reference, are:

[alex@dcautlprdnb01 zabbix]# ls -lZ zabbix_agentd.conf
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 17135 Nov 24 14:18 zabbix_agentd.conf

Ideally the fix needs to be client end, perhaps installing an alternative python module I’ve not found so far, so that I’m not repeating code to compensate for the problem every time I write a playbook. I can set custom variables against the host in AWX, if it’s not possible to apply a fix on the client server.

Can anybody suggest the best way to resolve this issue?

Thanks!