Conditional for Ansible remediation on RHEL7

[marcusburghardt]

Description:

The Ansible remediation for the accounts_password_set_max_life_existing rule was recently updated to use the user module with the password_expire_max parameter. However, this parameter was introduced on Ansible 2.11 while RHEL7 uses Ansible 2.9. Therefore, the former remediation approach was kept for RHEL7 via a Jinja2 conditional.

Rationale:

• Fixes Ansible remediation for the RHEL 7 STIG profile fails #9431

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[openshift-ci]

@marcusburghardt: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-rhcos4-high	a395254	link	true	/test e2e-aws-rhcos4-high
ci/prow/e2e-aws-rhcos4-moderate	a395254	link	true	/test e2e-aws-rhcos4-moderate

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Mab879]

Should 60 be replaced with var_accounts_maximum_age_login_defs?

[marcusburghardt]

It should. I will fix. Thanks.

[codeclimate]

Code Climate has analyzed commit d1fc78e and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 42.3% (0.0% change).

View more on Code Climate.