container standards

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-27 07:23:07 +00:00 · 2022-01-18 10:11:44 +00:00 · 2022-01-18 10:11:44 +00:00 · 8fa067f61c
commit 8fa067f61c
parent 876ac290d5
5 changed files with 8 additions and 13 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,7 +2,7 @@
 # defaults file for rhel9-cis

 rhel9cis_skip_for_travis: false
-rhel9cis_system_is_container: false
+system_is_container: false
 # rhel9cis is left off the front of this var for consistency in testing pipeline
 # system_is_ec2 toggle will disable tasks that fail on Amazon EC2 instances. Set true to skip and false to run tasks
 system_is_ec2: false
--- a/local.yml
+++ b/local.yml
@ -3,10 +3,7 @@
 - hosts: localhost
  connection: local
  become: true
-  vars:
-      is_container: false

  roles:
  - role: "{{ playbook_dir }}"
-    rhel9cis_system_is_container: "{{ is_container | default(false) }}"
-    rhel9cis_skip_for_travis: false
+
--- a/site.yml
+++ b/site.yml
@ -1,11 +1,7 @@
 ---
 - hosts: all
  become: true
-  vars:
-      is_container: false

  roles:

      - role: "{{ playbook_dir }}"
-        rhel9cis_system_is_container: "{{ is_container | default(false) }}"
-        rhel9cis_skip_for_travis: false
--- a/tasks/section_2/cis_2.2.1.x.yml
+++ b/tasks/section_2/cis_2.2.1.x.yml
@ -6,7 +6,7 @@
      state: present
  when:
      - rhel9cis_rule_2_2_1_1
-      - not rhel9cis_system_is_container
+      - not system_is_container
  tags:
      - level1-server
      - level1-workstation
@ -34,7 +34,7 @@
  when:
      - rhel9cis_time_synchronization == "chrony"
      - rhel9cis_rule_2_2_1_2
-      - not rhel9cis_system_is_container
+      - not system_is_container
  tags:
      - level1-server
      - level1-workstation
--- a/tasks/section_6/cis_6.2.x.yml
+++ b/tasks/section_6/cis_6.2.x.yml
@ -177,7 +177,8 @@
            recursive: true
            etype: "{{ item.1.etype }}"
            permissions: "{{ item.1.mode }}"
-        when: not rhel9cis_system_is_container
+        when: 
+            - not system_is_container
        with_nested:
            - "{{ (ansible_check_mode | ternary(rhel_09_6_2_7_patch_audit, rhel_09_6_2_7_patch)).results |
              rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}"
@ -541,7 +542,8 @@
            recursive: true
            etype: "{{ item.1.etype }}"
            permissions: "{{ item.1.mode }}"
-        when: not rhel9cis_system_is_container
+        when: 
+            - not system_is_container
        with_nested:
            - "{{ (ansible_check_mode | ternary(rhel_09_6_2_20_patch_audit, rhel_09_6_2_20_patch)).results |
              rejectattr('skipped', 'defined') | map(attribute='item') | map('first') | list }}"