ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Added updates from #115

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-02-20 10:39:54 +00:00
parent f6e26ffb98
commit 911f22491e
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
5 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/devel_pipeline_validation.yml vendored
View file

@ -125,6 +125,7 @@
env: env:
ANSIBLE_HOST_KEY_CHECKING: "false" ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_DEPRECATION_WARNINGS: "false" ANSIBLE_DEPRECATION_WARNINGS: "false"
ANSIBLE_INJECT_FACT_VARS: "false"
# Remove test system - User secrets to keep if necessary # Remove test system - User secrets to keep if necessary

1
.github/workflows/main_pipeline_validation.yml vendored
View file

@ -114,6 +114,7 @@
env: env:
ANSIBLE_HOST_KEY_CHECKING: "false" ANSIBLE_HOST_KEY_CHECKING: "false"
ANSIBLE_DEPRECATION_WARNINGS: "false" ANSIBLE_DEPRECATION_WARNINGS: "false"
ANSIBLE_INJECT_FACT_VARS: "false"
# Remove test system - User secrets to keep if necessary # Remove test system - User secrets to keep if necessary

4
tasks/main.yml
View file

@ -3,7 +3,7 @@
- name: Check OS version and family - name: Check OS version and family
ansible.builtin.assert: ansible.builtin.assert:
that: (ansible_facts.distribution != 'CentOS' and ansible_os_family == 'RedHat' or ansible_os_family == "Rocky") and ansible_facts.distribution_major_version is version_compare('9', '==') that: (ansible_facts.distribution != 'CentOS' and ansible_facts.os_family == 'RedHat' or ansible_facts.os_family == "Rocky") and ansible_facts.distribution_major_version is version_compare('9', '==')
fail_msg: "This role can only be run against Supported OSs. {{ ansible_facts.distribution }} {{ ansible_facts.distribution_major_version }} is not supported." fail_msg: "This role can only be run against Supported OSs. {{ ansible_facts.distribution }} {{ ansible_facts.distribution_major_version }} is not supported."
success_msg: "This role is running against a supported OS {{ ansible_facts.distribution }} {{ ansible_facts.distribution_major_version }}" success_msg: "This role is running against a supported OS {{ ansible_facts.distribution }} {{ ansible_facts.distribution_major_version }}"
when: when:
@ -83,7 +83,7 @@
- system_is_container - system_is_container
when: when:
- ansible_connection == 'docker' or - ansible_connection == 'docker' or
ansible_virtualization_type in ["docker", "lxc", "openvz", "podman", "container"] ansible_facts.ansible_virtualization_type in ["docker", "lxc", "openvz", "podman", "container"]
tags: tags:
- container_discovery - container_discovery
- always - always

2
tasks/prelim.yml
View file

@ -97,7 +97,7 @@
- name: "PRELIM | Section 1.1 | Create list of mount points" - name: "PRELIM | Section 1.1 | Create list of mount points"
ansible.builtin.set_fact: ansible.builtin.set_fact:
mount_names: "{{ ansible_mounts | map(attribute='mount') | list }}" mount_names: "{{ ansible_facts.mounts | map(attribute='mount') | list }}"
tags: tags:
- level1-server - level1-server
- level1-workstation - level1-workstation

2
vars/main.yml
View file

@ -16,4 +16,4 @@ rhel9cis_allowed_crypto_policies_modules:
warn_control_list: "" warn_control_list: ""
warn_count: 0 warn_count: 0
gpg_key_package: "{{ ansible_distribution | lower }}-gpg-keys" gpg_key_package: "{{ ansible_facts.distribution | lower }}-gpg-keys"