Skip to content

Only run dconf when there is an actual change in previous tasks for dconf gnome ansible remediations #13933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 30, 2025
Merged

Only run dconf when there is an actual change in previous tasks for dconf gnome ansible remediations #13933

merged 1 commit into from
Sep 30, 2025

Conversation

ggbecker
Copy link
Member

Description:

  • Only run dconf when there is an actual change in previous tasks for dconf gnome ansible remediations

@ggbecker ggbecker added this to the 0.1.79 milestone Sep 25, 2025
@ggbecker ggbecker added the Ansible Ansible remediation update. label Sep 25, 2025
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Sep 25, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Sep 25, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jan-cerny jan-cerny self-assigned this Sep 26, 2025
jan-cerny
jan-cerny reviewed Sep 26, 2025
View reviewed changes
...tem/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml Outdated

- name: Dconf Update
ansible.builtin.command: dconf update
when: result_ini.changed or result_lineinfile.changed
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that a more idiomatic way is to use something is changed instead of something.changed. Ansible uses the is form across the documentation, eg. https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html#conditions-based-on-registered-variables

...tem/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml Outdated
line: '/org/gnome/login-screen/banner-message-enable'
create: yes
register: result_lineinfile
changed_when: result_lineinfile.changed
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My opinion is that the changed_when line is superfluous in this task and can be harmlessly removed.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have confirmed that it can be removed.

...tem/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
value: "true"
create: yes
no_extra_spaces: yes
register: result_ini
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tried to run a per-rule playbook for this rule against a RHEL 9 VM and I confirm that it's idempotent successfully.

@jan-cerny
Copy link
Collaborator

@ggbecker you might have old head, try to rebase the PR on the top of the latest masster barch

@ggbecker
Copy link
Member Author

/packit retest-failed

@ggbecker ggbecker force-pushed the ansible-idempotency branch 2 times, most recently from a684723 to 273d0de Compare September 29, 2025 13:31
@ggbecker ggbecker marked this pull request as ready for review September 29, 2025 13:31
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Used by openshift-ci bot. label Sep 29, 2025
@ggbecker
Copy link
Member Author

@jan-cerny I have rebased and applied your suggestions.

@jan-cerny
Copy link
Collaborator

jan-cerny commented Sep 30, 2025
edited
Loading

@ggbecker please rebase on the latest upstream master branch, the error should now be fixed in master

jan-cerny
jan-cerny approved these changes Sep 30, 2025
View reviewed changes
Copy link
Collaborator

@jan-cerny jan-cerny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have run a per-rule playbook for rule dconf_gnome_banner-enabled against a RHEL 9 VM and I confirm that it's idempotent successfully. Then, I run automatus TSs locally and they passed.

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Sep 30, 2025

@ggbecker: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-platform-compliance 23b8179 link true /test e2e-aws-openshift-platform-compliance
ci/prow/e2e-aws-openshift-node-compliance 23b8179 link true /test e2e-aws-openshift-node-compliance

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jan-cerny
Copy link
Collaborator

/retest

@jan-cerny jan-cerny merged commit ff266de into ComplianceAsCode:master Sep 30, 2025
130 of 138 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan-cerny jan-cerny jan-cerny approved these changes

Assignees

@jan-cerny jan-cerny

Labels
Ansible Ansible remediation update.
Projects
None yet
Milestone
0.1.79
Development

Successfully merging this pull request may close these issues.
2 participants
@ggbecker @jan-cerny