SLES15 use dropin configuration for issue banner #10605
Conversation
teacup-on-rockingchair
added
Ansible
|
Start a new ephemeral environment with changes proposed in this pull request: rhel8 (from CTF) Environment (using Fedora as testing environment) Fedora Testing Environment Oracle Linux 8 Environment |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
This datastream diff is auto generated by the check Click here to see the full diffbash remediation for rule 'xccdf_org.ssgproject.content_rule_banner_etc_issue' differs.
--- xccdf_org.ssgproject.content_rule_banner_etc_issue
+++ xccdf_org.ssgproject.content_rule_banner_etc_issue
@@ -17,7 +17,6 @@
# 4 - Remove any leftover backslash. (From any parethesis in the banner, for example).
login_banner_text=$(echo "$login_banner_text" | sed 's/\\//g')
formatted=$(echo "$login_banner_text" | fold -sw 80)
-
cat <<EOF >/etc/issue
$formatted
EOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_banner_etc_issue' differs.
--- xccdf_org.ssgproject.content_rule_banner_etc_issue
+++ xccdf_org.ssgproject.content_rule_banner_etc_issue
@@ -4,7 +4,7 @@
tags:
- always
-- name: Modify the System Login Banner - ensure correct banner
+- name: Modify the System Login Banner - Ensure Correct Banner
copy:
dest: /etc/issue
content: '{{ login_banner_text | regex_replace("^\^(.*)\$$", "\1") | regex_replace("^\((.*\.)\|.*\)$", |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
| @@ -5,7 +5,26 @@ | |||
| # disruption = medium | |||
| {{{ ansible_instantiate_variables("login_banner_text") }}} | |||
|
|
|||
| - name: "{{{ rule_title }}} - ensure correct banner" | |||
| {{% if product not in ['sle15'] %}} | |||
There was a problem hiding this comment.
You can remove some empty lines left by Jinja2 in the resulting file:
https://jinja.palletsprojects.com/en/3.0.x/templates/#whitespace-control
Also valid for other files in this PR.
There was a problem hiding this comment.
@teacup-on-rockingchair , do you have plans to work on this? This is actually only an aesthetic issue to avoid some extra empty lines in the resulting file.
There was a problem hiding this comment.
Sorry for some reason missed the message long time ago and the PR was displayed in the list as review required, so I thought you don't have time for it :)
Anyways modified those macros fromm {{% %}} to {{%- -%}}, but am a bit confused since I can see extra new lines , after build, on my local setup only in the bash files. Could it be because I am using ninja build or something else. I could not find anything in my environment that should cause the ssg build procedure to consider trimming default behaviour.
Indeed it turned out I stripped too much lines broke the shell remediation and also templates in the file_owner/groupowner rules, so 900f57a should fix that |
For sle15 platform make sure to use drop-in configuration for remediation of /etc/issue banner /etc/issue file is symlink in SLES15 and is managed by the issue-generator service, so additional logic added, to make sure issue-generator service is installed and running.
teacup-on-rockingchair
force-pushed
the
sle_etc_issue_dropin_remedy
branch
from
900f57a
to
d52e573
Compare
|
Code Climate has analyzed commit 7b82d62 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 52.8% (0.0% change). View more on Code Climate. |
|
/packit test |
marcusburghardt
merged commit 2cf241a
into
ComplianceAsCode:master
Description:
Rationale: