Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74

Closed
ghost opened this issue Feb 27, 2016 · 1 comment · Fixed by #91
Closed

Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74

ghost opened this issue Feb 27, 2016 · 1 comment · Fixed by #91
Labels

Comments

@ghost
Copy link

ghost commented Feb 27, 2016

TASK [ansible-os-hardening : Change various sysctl-settings on rhel-hosts, look at the sysctl-vars file for documentation] ***
task path: /home/felis/ansible/roles/ansible-os-hardening/tasks/sysctl.yml:28
[DEPRECATION WARNING]: Using bare variables is deprecated. Update your playbooks so that the environment value uses the full variable syntax ('{{sysctl_rhel_config}}'). This feature will be 
removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
failed: [localhost] => (item={'value': 1, 'key': u'kernel.exec-shield'}) => {"failed": true, "item": {"key": "kernel.exec-shield", "value": 1}, "msg": "setting kernel.exec-shield failed: sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory\n"}

Some searching suggests that RHEL 7 has disallowed modification to exec-shield and is enabled by default.

@conorsch
Copy link
Contributor

The solution here is proper use of the ignoreerrors parameter on the sysctl tasks. Looks like the sysctl_set parameter, which validates key/value pairs prior to writing, overrides the ignoreerrors parameter. We can conservatively fix the ignoreerrors handling only on the RHEL-specific sysctl options.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants