Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor ansible changes that fix failing rules after remediations #6034

Merged
merged 1 commit into from Sep 2, 2020
Merged

Minor ansible changes that fix failing rules after remediations #6034

merged 1 commit into from Sep 2, 2020

Conversation

carlosmmatos
Copy link
Contributor

Description:

Fix issues found in #5937

Rationale:

Smartcard changes needed to be re-evaluated. Even though it's not best practice to use the command module, in this instance it makes better sense, because we want to ensure the 2 configurations end up in the proper section. This is something that the opensc-tool does for us, and probably why we use it as our bash remediation. I couldn't find a good regex'y way of ensuring we put these configs in the app default section. So in this case, I say let the tool do its job.

The SSSD and network changes were minor fixes.

@mildas
Copy link
Contributor

mildas commented Sep 1, 2020

Changes identified:
Rule sssd_enable_smartcards:
 Ansible remediation changed.
Rule configure_opensc_card_drivers:
 Ansible remediation changed.
Rule force_opensc_card_drivers:
 Ansible remediation changed.
Rule network_nmcli_permissions:
 Ansible remediation changed.

Recommended tests to execute:
 build_product rhcos4
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhcos4-ds.xml network_nmcli_permissions
 build_product ol8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml sssd_enable_smartcards
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml configure_opensc_card_drivers
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-ol8-ds.xml force_opensc_card_drivers

@openshift-ci-robot
Copy link
Collaborator

@carlosmmatos: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-aws-rhcos4-moderate f8c14bb link /test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-rhcos4-e8 f8c14bb link /test e2e-aws-rhcos4-e8

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

jan-cerny
jan-cerny approved these changes Sep 2, 2020
View reviewed changes
linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
@@ -30,6 +30,6 @@
dest: /etc/sssd/sssd.conf
section: pam
option: pam_cert_auth
value: true
value: 'true'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@jan-cerny jan-cerny added this to the 0.1.53 milestone Sep 2, 2020
@jan-cerny jan-cerny self-assigned this Sep 2, 2020
@jan-cerny jan-cerny merged commit 6488293 into ComplianceAsCode:master Sep 2, 2020
@yuumasato yuumasato added the bugfix Fixes to reported bugs. label Sep 6, 2020
vojtapolasek pushed a commit that referenced this pull request Sep 11, 2020
@jan-cerny @vojtapolasek
Merge pull request #6034 from carlosmmatos/fix_5937
fc56231 
Minor ansible changes that fix failing rules after remediations

(cherry picked from commit 6488293)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

@redhatrises redhatrises Awaiting requested review from redhatrises

Assignees

@jan-cerny jan-cerny

Labels
bugfix Fixes to reported bugs.
Projects
None yet
Milestone
0.1.53
Development

Successfully merging this pull request may close these issues.

Some rules are failing after applying Ansible remediation
5 participants
@carlosmmatos @mildas @openshift-ci-robot @jan-cerny @yuumasato