Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dynamically set rhel9stig_gui variable #24

Closed
wants to merge 14 commits into from
Closed

Dynamically set rhel9stig_gui variable #24

wants to merge 14 commits into from

Conversation

PrymalInstynct
Copy link
Contributor

Overall Review of Changes:
I believe this role would be improved by dynamically determining if the target system to be locked down has Gnome Desktop installed or not. This makes management of the inventory easier and based on my analysis there is not a justification to set this variable statically.

This could be accomplished in a number of ways, I chose to stat the gnome-version.xml file that is installed when the Gnome Desktop packages are installed.

Issue Fixes:
N/A

Enhancements:
Quality of life improvement

How has this been tested?:
Built a fresh Rocky 9 VM with Gnome Desktop installed and executed the entire role.

@PrymalInstynct
Copy link
Contributor Author

PrymalInstynct commented Aug 26, 2024
edited
Loading

I am struggling to figure out why this PR is failing when run against a target without a GUI. For some reason RHEL-09-271010 and RHEL-09-271090 are returning a changed state instead of a skipping which causes the Update_dconf handler to run that the fails because the dconf command does not exist.

From what I can tell the when clauses of those 2 tasks are exactly the same as the when clauses on all of the other tasks in RHEL-09-27xxxx.yml.

@uk-bolly
Copy link
Member

hi @PrymalInstynct

That is indeed, strange, i feel debug investigation taking place. I will look at this and get back to you.

kindest

uk-bolly

@uk-bolly
Copy link
Member

RHEL-09-271010

hi @PrymalInstynct

Taking a quick look through this today. The defaults/main.yml is not getting a value you expect for your stat to set the value to true.

Current settings gives the following debug

  • When file not present
    "msg": "Value of rhel9stig_gui is False"

  • When file is present
    "msg": "Value of rhel9stig_gui is {'changed': False, 'stat': {'exists': True, [..redacted..] 'failed': False}" }

I have suggest change your PR slightly.

rhel9stig_gui: "{{ rhel_09_gnome_present.stat.exists | default(false) }}"

Seems to be what you are looking for and also skips the two controls in question.

You would also need to GPG sign all your commits in order to pass as well.

Hope that makes sense.

kindest

uk-bolly

PrymalInstynct and others added 11 commits September 16, 2024 11:19
@PrymalInstynct
Updated based on PR recommendation
f2bf4c2 
Signed-off-by: PrymalInstynct <[email protected]>
@PrymalInstynct
Merge branch 'ansible-lockdown:devel' into has_gui
99f99aa
@pre-commit-ci @PrymalInstynct
[pre-commit.ci] pre-commit autoupdate
e6c0d6c 
updates:
- [github.com/ansible-community/ansible-lint: v24.6.1 → v24.7.0](ansible/ansible-lint@v24.6.1...v24.7.0)
@PrymalInstynct
Dynamically set rhel9stig_gui variable
ed431be 
Signed-off-by: PrymalInstynct <[email protected]>
@PrymalInstynct
Fixed Linting issue
5999993 
Signed-off-by: PrymalInstynct <[email protected]>
@PrymalInstynct
Set default value of variable to false.
8e78f7d 
Signed-off-by: PrymalInstynct <[email protected]>
@PrymalInstynct
Updated based on PR recommendation
c1d514e 
Signed-off-by: PrymalInstynct <[email protected]>
@uk-bolly @PrymalInstynct
reverted back ansible version
15ad582 
Signed-off-by: Mark Bolwell <[email protected]>
@uk-bolly @PrymalInstynct
removed handler conditional
be64b02 
Signed-off-by: Mark Bolwell <[email protected]>
@jhomen368 @PrymalInstynct
fix(rhel_09_252035): fix templating and resolv.conf template syntax
713e007 
Signed-off-by: jhomen368 <[email protected]>
@PrymalInstynct
Merge branch 'has_gui' of github.com:PrymalInstynct/RHEL9-STIG-MPG in…
3e0c93a 
…to has_gui
@PrymalInstynct
Copy link
Contributor Author

Fubar'd the rebase to GPG sign the commits in the PR so I am closing this one and creating a new one.

@PrymalInstynct PrymalInstynct deleted the has_gui branch September 16, 2024 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@PrymalInstynct @uk-bolly @jhomen368