Need to set pipefail when using shell in ansible #6730

Merged
merged 2 commits into from Mar 24, 2021


brett060102
Contributor

Upstream ansible lint tests require pipefail when using shell
in ansible.

Description:

  • fix ansible-lint pipefail check failures
  • Added set pipefail where possible
  • Added #noqa 306 in cases where grep was used

Rationale:

  • no ansible lint failures
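
The behaviour behind the pipefail check, as an added example that is not part of this PR or of the ComplianceAsCode code base: it compares the exit status of a pipeline with and without `set -o pipefail`, and shows how a `grep` that matches nothing interacts with it. The pipelines and paths are constructed, and `pipeline_status` is a hypothetical helper.

```bash
#!/usr/bin/env bash
# Constructed pipelines; /nonexistent/constructed-input is deliberately missing.

# Producer fails, consumer succeeds: the failure is masked without pipefail.
MASKED='cat /nonexistent/constructed-input | sort -u'
# grep matches nothing (exit 1) in the middle of a pipeline.
GREP_NOMATCH='printf "root:x:0:0\n" | grep "constructed-no-match" | wc -l'
# Accept "no match" (exit 1) but still fail on a real grep error (exit 2).
GREP_TOLERANT='printf "root:x:0:0\n" | { grep "constructed-no-match" || [ "$?" -eq 1 ]; } | wc -l'
GREP_ERROR='{ grep "x" /nonexistent/constructed-input || [ "$?" -eq 1 ]; } | wc -l'

# pipeline_status MODE PIPELINE  (hypothetical helper)
# Runs PIPELINE in a fresh bash, with pipefail when MODE is "pipefail",
# and prints the exit status the calling task would see.
pipeline_status() {
    mode="$1"
    pipeline="$2"
    rc=0
    if [ "$mode" = "pipefail" ]; then
        pipeline="set -o pipefail; $pipeline"
    fi
    bash -c "$pipeline" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Report both modes for each constructed pipeline.
for p in "$MASKED" "$GREP_NOMATCH" "$GREP_TOLERANT" "$GREP_ERROR"; do
    printf 'plain=%s pipefail=%s  %s\n' \
        "$(pipeline_status plain "$p")" \
        "$(pipeline_status pipefail "$p")" \
        "$p"
done
```

In an Ansible `shell` task the same `set -o pipefail` prefix needs `executable: /bin/bash`, because the module runs `/bin/sh` by default.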

@openshift-ci-robot openshift-ci-robot added the needs-ok-to-test Used by openshift-ci bot. label Mar 19, 2021
@openshift-ci-robot
Collaborator

Hi @brett060102. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openscap-ci
Collaborator

openscap-ci commented Mar 19, 2021

Changes identified:
Rules:
 no_host_based_files
 no_user_host_based_files
 gui_login_dod_acknowledgement
 accounts_passwords_pam_tally2
 pam_disable_automatic_configuration
 set_password_hashing_min_rounds_logindefs
 smartcard_pam_enabled
 accounts_no_uid_except_zero
 audit_rules_privileged_commands
 dir_perms_world_writable_sticky_bits
 file_permissions_var_log_messages
 dconf_db_up_to_date
 aide_verify_acls
 aide_verify_ext_attributes
 ensure_gpgcheck_never_disabled

Rule no_host_based_files:
 Ansible remediation changed.
Rule no_user_host_based_files:
 Ansible remediation changed.
Rule gui_login_dod_acknowledgement:
 Ansible remediation changed.
Rule accounts_passwords_pam_tally2:
 Ansible remediation changed.
Rule pam_disable_automatic_configuration:
 Ansible remediation changed.
Rule set_password_hashing_min_rounds_logindefs:
 Ansible remediation changed.
Rule smartcard_pam_enabled:
 Ansible remediation changed.
Rule accounts_no_uid_except_zero:
 Ansible remediation changed.
Rule audit_rules_privileged_commands:
 Ansible remediation changed.
Rule dir_perms_world_writable_sticky_bits:
 Ansible remediation changed.
Rule file_permissions_var_log_messages:
 Ansible remediation changed.
Rule dconf_db_up_to_date:
 Ansible remediation changed.
Rule aide_verify_acls:
 Ansible remediation changed.
Rule aide_verify_ext_attributes:
 Ansible remediation changed.
Rule ensure_gpgcheck_never_disabled:
 Ansible remediation changed.

Recommended tests to execute:
 build_product rhel8
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml no_host_based_files
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml no_user_host_based_files
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml accounts_no_uid_except_zero
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml audit_rules_privileged_commands
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml dir_perms_world_writable_sticky_bits
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml dconf_db_up_to_date
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml aide_verify_acls
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml aide_verify_ext_attributes
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-rhel8-ds.xml ensure_gpgcheck_never_disabled
 build_product sle12
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml gui_login_dod_acknowledgement
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml accounts_passwords_pam_tally2
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml pam_disable_automatic_configuration
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml set_password_hashing_min_rounds_logindefs
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml smartcard_pam_enabled
 tests/test_suite.py rule --libvirt qemu:///system test-suite-vm --remediate-using ansible --datastream build/ssg-sle12-ds.xml file_permissions_var_log_messages

@ggbecker
Member

@vojtapolasek
Collaborator

Thank you for the fix, now all tests pass. Merging.

@vojtapolasek vojtapolasek merged commit 0ec5baa into ComplianceAsCode:master Mar 24, 2021
@yuumasato yuumasato added this to the 0.1.56 milestone Mar 24, 2021
@brett060102 brett060102 deleted the fix_ansible_lint branch June 28, 2023 20:54