-
Notifications
You must be signed in to change notification settings - Fork 694
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix in service_autofs_disabled - ansible #10521
Fix in service_autofs_disabled - ansible #10521
Conversation
Hi @rumch-se. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Code Climate has analyzed commit b67213d and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.4% (0.0% change). View more on Code Climate. |
/ok-to-test |
@@ -19,7 +19,7 @@ | |||
meta: noop | |||
|
|||
- name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket" | |||
command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket | |||
command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket | grep "{{{ DAEMONNAME }}}.socket" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not necessary to use grep
here. The systemctl
command will only show the line if it exists. The return code will be 0
if the socket unit is present or 1
otherwise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @marcusburghardt ,
On ubuntu and suse I have
When we don't have a socket:
u001@rchost:~$ systemctl list-unit-files time-sync.socket
UNIT FILE STATE VENDOR PRESET
0 unit files listed.
When we have a socket
u001@rchost:~$ systemctl list-unit-files libvirtd.socket
UNIT FILE STATE VENDOR PRESET
libvirtd.socket enabled enabled
1 unit files listed.
Whit grep in the first case we have
u001@rchost:$ systemctl -q list-unit-files time-sync.socket | grep time-sync.socket$
u001@rchost:
Whit grep in the second case case we have
u001@rchost:~$ systemctl -q list-unit-files libvirtd.socket | grep libvirtd.socket
libvirtd.socket enabled enabled
The rule as exists on SUSE does not work.
Have a nice day
Rumen
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, but grep is still not necessary. See this example:
$ systemctl -q list-unit-files sshd.socket ; echo $?
sshd.socket disabled disabled
0
$ systemctl -q list-unit-files absent.socket ; echo $?
1
You can simplify the command and the conditional which uses its return code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @marcusburghardt
It does not work as expected. I have attached a screen shot taken from my console - Ubuntu 20.04. I think that the command systemctl was changed and after its change we have an additional message "UNIT FILE STATE VENDOR PRESET". Please try on another OS.
Have a nice day
Rumen
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, this change in the systemctl return codes for Ubuntu is new for me.
Even that, since you are using the search
for the conditional below, it is still not necessary to use grep
here because the output of systemctl
command will also include the unit name if it is present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @marcusburghardt
This way of working is not only for Ubuntu, but for SUSE as well (Note: SLE 15 SP 2 - works as before, but SLE 15 SP4 works in the new way). Only via grep I was able to get an empty string when socket does not exist or the name of the socket with its status when the socket exists. You can see that the usage of echo does not remove this "parasite row" - "UNIT FILE...." i.e I did not have a "plain vanilla" return code. May you check how this works on RedHat - different versions - old ones and a new one?
I can add if / else condition which check the product and to use the proposed syntax with grep for Ubuntu and SUSE.
Have a nice day
Rumen
@@ -19,7 +19,7 @@ | |||
meta: noop | |||
|
|||
- name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket" | |||
command: systemctl list-unit-files {{{ DAEMONNAME }}}.socket | |||
command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket | grep "{{{ DAEMONNAME }}}.socket" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket | grep "{{{ DAEMONNAME }}}.socket" | |
command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket" |
This will save the output to the register
@@ -31,7 +31,7 @@ | |||
enabled: "no" | |||
state: "stopped" | |||
masked: "yes" | |||
when: '"{{{ DAEMONNAME }}}.socket" in socket_file_exists.stdout_lines[1]' | |||
when: 'socket_file_exists.stdout_lines is search("{{{ DAEMONNAME }}}.socket")' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when: 'socket_file_exists.stdout_lines is search("{{{ DAEMONNAME }}}.socket")' | |
when: 'socket_file_exists.stdout_lines is search("{{{ DAEMONNAME }}}.socket", multiline=True)' |
Here you are already using the search
filter for searching for {{{ DAEMONNAME }}}.socket
in the output of the previous command. It is good. You only need to make sure the search is considering multi-lines output.
Hello @marcusburghardt |
Description:
Rationale:
I.
The rule uses template service_disabled. There are 2 issues with the current version of this template. 1/The command systemctl in the code block Unit Socket Exists - (i.e. systemctl list-unit-files {{{ DAEMONNAME }}}.socket ) returns more than 1 row - example: UNIT FILE STATE VENDOR PRESET followed by the result. 2/ The code block Disable socket {{{ SERVICENAME }}} raises error when the socket_file_exists.stdout_lines is empty
II.
The template is used by other rules