os-hardening: yum gpg-check fails if gpg-check already set #556

Closed
ghost opened this issue Aug 3, 2022 · 3 comments

@ghost

ghost commented Aug 3, 2022

Describe the bug
I get a failure when trying to set gpg-check to yum.conf

Expected behavior
Task exits cleanly

Actual behavior

    amazon-ebs.greenlight: TASK [dev-sec.os-hardening : activate gpg-check for config files] **************
    amazon-ebs.greenlight: failed: [default] (item=/etc/yum.conf) => {"ansible_loop_var": "item", "changed": false, "failed_when_result": true, "item": "/etc/yum.conf", "msg": "", "rc": 0}
    amazon-ebs.greenlight: ok: [default] => (item=/etc/dnf/dnf.conf)
    amazon-ebs.greenlight: ok: [default] => (item=/etc/yum/pluginconf.d/rhnplugin.conf)

Example Playbook


OS / Environment

Amazon Linux 2. Current image (08/03/2022)

Ansible Version

    config file = None
    configured module search path = ['/Users/frank.branham/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
    ansible python module location = /usr/local/Cellar/ansible/6.1.0/libexec/lib/python3.10/site-packages/ansible
    ansible collection location = /Users/frank.branham/.ansible/collections:/usr/share/ansible/collections
    executable location = /usr/local/bin/ansible
    python version = 3.10.5 (main, Jun 23 2022, 17:15:25) [Clang 13.1.6 (clang-1316.0.21.2.5)]
    jinja version = 3.1.2
    libyaml = True

Role Version


@schurzi
Contributor

schurzi commented Aug 8, 2022

Hi @frankbranham, thank you for the bug report.

Which version of our collection are you using?

@ghost
Author

ghost commented Aug 10, 2022

We are unpinned for our builds, so taking the latest. (7.15.1). I've tried 7.15.0 as well.

I've tried since messing with gpg-check with packer and debug, and I cannot at all figure out why that task keeps failing for yum.conf.

@schurzi
Contributor

schurzi commented Aug 10, 2022

This is very puzzling. We had a matching bug that was resolved in 7.15.0 (#549).
Can you run Ansible in debug mode and double check that you are not using an old version by accident?

@ghost ghost closed this as completed Aug 11, 2022