Fix Apparmor libvirt profile removal

The apparmor_parser actually doesn't remove the file or doesn't create
the symlink in '/etc/apparmor.d/disable' itself so the next run of the
baremetal role will fail with the error "Unable to remove "libvirtd".
Even more after reboot, the profile is still active. We need to
disable the profile completly ourselves. This change fixes the
idempotents of the baremetal role.

Closes-Bug: #1960302
Change-Id: I162e417387393e806886b1c9ea8053b89778b4d1
Signed-off-by: Maksim Malchuk <[email protected]>
(cherry picked from commit 75f55d1)

Author: mmalchuk

ansible/roles/baremetal/tasks/post-install.yml

@@ -201,7 +201,11 @@
   when: ansible_facts.distribution == "Ubuntu"
 
 - name: Remove apparmor profile for libvirt
-  command: apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
+  shell: |
+    apparmor_parser -v -R /etc/apparmor.d/usr.sbin.libvirtd && \
+    ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
+  args:
+    executable: /bin/bash
   become: True
   when:
     - ansible_facts.distribution == "Ubuntu"

releasenotes/notes/fix-apparmor-libvirt-profile-removal-01db6ca6dd66879f.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes the baremetal role to avoid an error "Unable to remove "libvirtd".
+    Now the symlink /etc/apparmor.d/disable/usr.sbin.libvirtd is created by
+    the role.
+    `LP#1960302 <https://bugs.launchpad.net/kolla-ansible/+bug/1960302>`__