From a3d642e06f8020aaf01bae88d13f6ad1762e69ed Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 21:48:31 -0400 Subject: [PATCH 01/28] Add workflow_disaptch trigger. --- .github/workflows/lint.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b765aec..04a7a5e 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -5,6 +5,8 @@ on: - main - release/v* + workflow_dispatch: + jobs: build: name: Ansible Lint From 712afd8701c068508eff3345d73044448c669168 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:00:39 -0400 Subject: [PATCH 02/28] Download collections before running ansible-lint. --- .github/workflows/lint.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 04a7a5e..e4d2635 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -8,10 +8,12 @@ on: workflow_dispatch: jobs: - build: + lint: name: Ansible Lint runs-on: ubuntu-latest steps: + - name: Install collections + run: ansible-galaxy install community.crypto community.general - uses: actions/checkout@v4 - name: Run ansible-lint uses: ansible/ansible-lint@main From d9c72c0115e91d40b4b2ea934a79a28b440c4e65 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:02:09 -0400 Subject: [PATCH 03/28] Fix incorrect ansible-galaxy command syntax. --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e4d2635..5911e1d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install collections - run: ansible-galaxy install community.crypto community.general + run: ansible-galaxy collection install community.crypto community.general - uses: actions/checkout@v4 - name: Run ansible-lint uses: ansible/ansible-lint@main From 86370141958cfe29ee5ffdac222a1e33d4aac446 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:12:19 -0400 Subject: [PATCH 04/28] Don't install collections, add requirements.yml. --- .github/workflows/lint.yaml | 2 -- roles/requirements.yml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 roles/requirements.yml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5911e1d..71253e1 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -12,8 +12,6 @@ jobs: name: Ansible Lint runs-on: ubuntu-latest steps: - - name: Install collections - run: ansible-galaxy collection install community.crypto community.general - uses: actions/checkout@v4 - name: Run ansible-lint uses: ansible/ansible-lint@main diff --git a/roles/requirements.yml b/roles/requirements.yml new file mode 100644 index 0000000..9133fa6 --- /dev/null +++ b/roles/requirements.yml @@ -0,0 +1,2 @@ +- name: community.general +- name: community.crypto From 26ffc69f814c5b3cd95b8f5e734e44eb6038d886 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:14:38 -0400 Subject: [PATCH 05/28] Add collections section. --- roles/requirements.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/requirements.yml b/roles/requirements.yml index 9133fa6..55b9182 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -1,2 +1,3 @@ -- name: community.general -- name: community.crypto +collections: + - name: community.general + - name: community.crypto From 24da9dc56a5947db64c26563e5bf5546abf64a9c Mon Sep 17 00:00:00 2001 
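Review bot: In patch 04's new `roles/requirements.yml`, both collection entries are listed without a `version:`, so every CI run resolves whatever Galaxy currently serves for `community.general` and `community.crypto`. The same unpinned list is carried through patch 05 (which adds the `collections:` key), patch 07 (root `requirements.yml`) and patch 11 (bare names). Pinning each entry, e.g. `- name: community.crypto` followed by `version: "<pinned-version>"`, keeps lint results reproducible and stops an unexpected upstream release from being pulled into the job unreviewed.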
From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:23:48 -0400 Subject: [PATCH 06/28] Move requirements file to the meta dir in role. These recent commits are confusing I know, this is related to the "official" ansible-lint github action not being able to find collections that are supposed to be installed by default. I'm having a difficult time understanding where the requirements file will be read, but that is likely because I use a slightly unusual structure for role distribution? This commit uses reference from https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-roles-and-collections-from-the-same-requirements-yml-file --- roles/{ => uki_config/meta}/requirements.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/{ => uki_config/meta}/requirements.yml (100%) diff --git a/roles/requirements.yml b/roles/uki_config/meta/requirements.yml similarity index 100% rename from roles/requirements.yml rename to roles/uki_config/meta/requirements.yml From ee2d76b356fc2313ed37dff6ff097a195e4e440b Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:29:22 -0400 Subject: [PATCH 07/28] Try having requirements.yml in the root dir. Still don't get where I'm expected to put this. --- requirements.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..55b9182 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,3 @@ +collections: + - name: community.general + - name: community.crypto From dbcc32f9d6c8d25070f775a98d1f35b40f2c5473 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 22:32:23 -0400 Subject: [PATCH 08/28] Remove requirements.yml from root dir, this did nothing. --- requirements.yml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index 55b9182..0000000 
--- a/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ -collections: - - name: community.general - - name: community.crypto From ff750dd6657eea75eaeb75149b905557790a5c94 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 23:22:51 -0400 Subject: [PATCH 09/28] More troubleshooting on dependency install. This commit moves the requirements.yml file back to the root dir (yes, I know I tried this already), and moves the test playbook to the playbooks dir, which is a standard collection root dir. This is meant to see if the playbook.yaml file is being linted without resolving dependencies, whereas a role might not? Note that the docs at https://ansible.readthedocs.io/projects/lint/usage/#dependencies-and-requirements conflict with the docs referenced in previous commits. The ansible-lint docs don't suggest that the requirements.yml file will be detected in roles//meta/requirements.yml. --- playbooks/playbook.yaml | 4 ++++ roles/uki_config/meta/requirements.yml => requirements.yml | 0 2 files changed, 4 insertions(+) create mode 100644 playbooks/playbook.yaml rename roles/uki_config/meta/requirements.yml => requirements.yml (100%) diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml new file mode 100644 index 0000000..fe8fac1 --- /dev/null +++ b/playbooks/playbook.yaml @@ -0,0 +1,4 @@ +- name: Test playbook + hosts: test + roles: + - role: uki_config diff --git a/roles/uki_config/meta/requirements.yml b/requirements.yml similarity index 100% rename from roles/uki_config/meta/requirements.yml rename to requirements.yml From e0e72c3d728d394b5b062578f1fc6d212cf545a1 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 23:29:31 -0400 Subject: [PATCH 10/28] Add ansible-lint to disable offline mode. --- .ansible-lint | 1 + 1 file changed, 1 insertion(+) create mode 100644 .ansible-lint diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..9ddf10c --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1 @@ +offline: false From 4694e54b713f32856379678a1f7549ed7457f439 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 23:47:54 -0400 Subject: [PATCH 11/28] Remove name: key from collections list. Also properly removes playbook.yaml from root as desired in previous commits. --- playbook.yaml | 4 ---- requirements.yml | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) delete mode 100644 playbook.yaml diff --git a/playbook.yaml b/playbook.yaml deleted file mode 100644 index fe8fac1..0000000 --- a/playbook.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: Test playbook - hosts: test - roles: - - role: uki_config diff --git a/requirements.yml b/requirements.yml index 55b9182..2822085 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,3 +1,3 @@ collections: - - name: community.general - - name: community.crypto + - community.general + - community.crypto From aa37f06487fbad71c427f43b40f9872bc58951f5 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Wed, 31 Jul 2024 23:50:58 -0400 Subject: [PATCH 12/28] Downgrade ansible-lint action to 6.11. --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 71253e1..fe21d2d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -14,4 +14,4 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint@main + uses: ansible/ansible-lint@6.11 From e439d1191839db34e6ea62bba0bd7c5e14385ccc Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:03:41 -0400 Subject: [PATCH 13/28] Use a command instead of the action. --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index fe21d2d..0690673 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
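Review bot: Patch 12's `uses: ansible/ansible-lint@6.11` still names a movable ref. Like the `@main` it replaces, a tag or branch name can be re-pointed upstream, and the action's code runs inside this job next to the checked-out repository and the job token. Pin third-party actions to a full commit SHA and keep the readable version as a trailing comment, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # <release tag>`. The `actions/checkout@v4` context line in the same hunk can be pinned the same way.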
@@ -14,4 +14,4 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint@6.11 + run: ansible-lint From e185f52b23de606dd4aaca55ba8f05c14c63a5e2 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:06:39 -0400 Subject: [PATCH 14/28] Use ansible-test instead of ansible-lint. Not sure what is actually in the runner image. --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 0690673..262a20d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -14,4 +14,4 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ansible-lint - run: ansible-lint + run: ansible-test From aa9f78906d63ae81bffc99dfe1f7e4db45fa787e Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:15:51 -0400 Subject: [PATCH 15/28] Rename to test, stop using ansible-lint. This commit switches to ansible-test instead of ansible-lint due to its availability in the main runner image without the use of the ansible-lint action. --- .github/workflows/lint.yaml | 17 ----------------- .github/workflows/test.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 24 insertions(+), 17 deletions(-) delete mode 100644 .github/workflows/lint.yaml create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index 262a20d..0000000 --- a/.github/workflows/lint.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: ansible-lint -on: - pull_request: - branches: - - main - - release/v* - - workflow_dispatch: - -jobs: - lint: - name: Ansible Lint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Run ansible-lint - run: ansible-test diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..1e39527 --- /dev/null +++ b/.github/workflows/test.yaml 
@@ -0,0 +1,24 @@ +name: ansible-test +on: + pull_request: + branches: + - main + - release/v* + + workflow_dispatch: + +jobs: + lint: + name: Ansible Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Create collection dir structure + run: mkdir "$HOME/.ansible/collections/ansible_collections/tofugarden" + - name: Create collection directory + run: mkdir "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" + - name: Copy repo contents to collection dir + run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofuarden/secureboot/" + - name: Run ansible-test + run: ansible-test sanity + working_directory: "$HOME/.ansible/collections" From 3adf7e772a0ebaa124cb0ffc734ed6907620f5a5 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:17:32 -0400 Subject: [PATCH 16/28] Replace working_directory with working-directory. This was a syntax error. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1e39527..155f5d8 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -21,4 +21,4 @@ jobs: run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofuarden/secureboot/" - name: Run ansible-test run: ansible-test sanity - working_directory: "$HOME/.ansible/collections" + working-directory: "$HOME/.ansible/collections" From b37a0602e01a5f214b65aecb96ca1eb177ab1e49 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:19:01 -0400 Subject: [PATCH 17/28] Add -p flag and create whole dir structure at onece. Runner does not have subdirs that are standard with a regular ansible installation. --- .github/workflows/test.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 155f5d8..0cf2b87 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
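Review bot: The new `.github/workflows/test.yaml` in patch 15 declares no `permissions:` key, so the job's `GITHUB_TOKEN` gets whatever default the repository or organisation has configured, which may include write scopes. The job only checks out code and runs a test command, so a top-level `permissions:` block containing `contents: read` is sufficient. The `lint.yaml` deleted in the same patch had none either, and the renamed `lint.yaml` in patch 22 keeps the gap. It matters more there because that job also runs `pip install` on third-party packages.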
@@ -13,10 +13,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Create collection dir structure - run: mkdir "$HOME/.ansible/collections/ansible_collections/tofugarden" - name: Create collection directory - run: mkdir "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" + run: mkdir -p "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" - name: Copy repo contents to collection dir run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofuarden/secureboot/" - name: Run ansible-test From ff964fb8c5e72583114a2a7c1cbdcb69dd835a9e Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:20:51 -0400 Subject: [PATCH 18/28] Fix typo. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 0cf2b87..3ceaca8 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -16,7 +16,7 @@ jobs: - name: Create collection directory run: mkdir -p "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" - name: Copy repo contents to collection dir - run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofuarden/secureboot/" + run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - name: Run ansible-test run: ansible-test sanity working-directory: "$HOME/.ansible/collections" From 3f5c74005b95b0c00f72f69b12be989faa4d74b0 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:25:50 -0400 Subject: [PATCH 19/28] Remove variable from working_directory. Looks like it does not support shell variable substitution. Use a hard path for now, we will make this pretty later. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 3ceaca8..b0b78bd 100644 --- a/.github/workflows/test.yaml 
+++ b/.github/workflows/test.yaml @@ -19,4 +19,4 @@ jobs: run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - name: Run ansible-test run: ansible-test sanity - working-directory: "$HOME/.ansible/collections" + working-directory: "home/runner/.ansible/collections" From f054b3407d5259703919f5c181d5698d4a0dd8e7 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:27:15 -0400 Subject: [PATCH 20/28] Add missing leading slash to working dir. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b0b78bd..7d57a0a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -19,4 +19,4 @@ jobs: run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - name: Run ansible-test run: ansible-test sanity - working-directory: "home/runner/.ansible/collections" + working-directory: "/home/runner/.ansible/collections" From deaab5d42a844e00b650890804d5142dd4b28025 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:28:32 -0400 Subject: [PATCH 21/28] Move cd to the collection root. This is needed by ansible-test. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7d57a0a..8136af8 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -19,4 +19,4 @@ jobs: run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - name: Run ansible-test run: ansible-test sanity - working-directory: "/home/runner/.ansible/collections" + working-directory: "/home/runner/.ansible/collections/ansible_collections/tofugarden/secureboot" From d84377950e2f8d0b660352bce241b27d62e72d97 Mon Sep 17 00:00:00 2001 
From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:37:33 -0400 Subject: [PATCH 22/28] Add pip requirements, rename to lint, install lint. This commit reattempts to use ansible-lint from a shell, but installs it first. --- .github/workflows/{test.yaml => lint.yaml} | 18 ++++++++++++++---- requirements.txt | 1 + 2 files changed, 15 insertions(+), 4 deletions(-) rename .github/workflows/{test.yaml => lint.yaml} (67%) create mode 100644 requirements.txt diff --git a/.github/workflows/test.yaml b/.github/workflows/lint.yaml similarity index 67% rename from .github/workflows/test.yaml rename to .github/workflows/lint.yaml index 8136af8..a79934a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/lint.yaml @@ -1,4 +1,4 @@ -name: ansible-test +name: ansible-lint on: pull_request: branches: @@ -9,14 +9,24 @@ on: jobs: lint: - name: Ansible Test + name: Ansible Lint runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + cache: pip + + - name: Install python dependencies + run: pip install -r requirements.txt + - name: Create collection directory run: mkdir -p "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" + - name: Copy repo contents to collection dir run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - - name: Run ansible-test - run: ansible-test sanity + + - name: Run ansible-lint + run: ansible-lint working-directory: "/home/runner/.ansible/collections/ansible_collections/tofugarden/secureboot" diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..6dd128e --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +ansible-lint From 65406ee5807b9dd95b8efb093caa8bd70363c987 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:40:13 -0400 Subject: [PATCH 23/28] Try running without the collection dir structure. --- .github/workflows/lint.yaml | 7 ------- 1 file changed, 7 deletions(-) 
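Review bot: Patch 22's new `requirements.txt` lists `ansible-lint` with no version, and the workflow hunk before it feeds that file straight to `pip install -r requirements.txt`, so each run installs whatever PyPI resolves at that moment together with its transitive dependencies. Pin an exact version, e.g. `ansible-lint==<pinned-version>`, and preferably generate a hash-locked file and install it with `pip install --require-hashes -r requirements.txt`. Patch 24 adds `ansible` to the same file with the same problem. The `actions/setup-python@v5` step in the workflow hunk also sets no `python-version`, so the interpreter is whatever the runner image provides; that is worth fixing in the same pass.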
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index a79934a..0c2671b 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -21,12 +21,5 @@ jobs: - name: Install python dependencies run: pip install -r requirements.txt - - name: Create collection directory - run: mkdir -p "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot" - - - name: Copy repo contents to collection dir - run: cp -r * "$HOME/.ansible/collections/ansible_collections/tofugarden/secureboot/" - - name: Run ansible-lint run: ansible-lint - working-directory: "/home/runner/.ansible/collections/ansible_collections/tofugarden/secureboot" From 5f5ac78bfd14530c8ce8c54d4af6674d898ac74c Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:46:03 -0400 Subject: [PATCH 24/28] Add ansible to requirements.txt --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index 6dd128e..ea8a68f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ +ansible ansible-lint From 0e4e33b5c8ad92971a209487c9c3b1be4bc5491f Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:49:15 -0400 Subject: [PATCH 25/28] Remove trailing spaces. --- roles/uki_config/meta/argument_specs.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/uki_config/meta/argument_specs.yaml b/roles/uki_config/meta/argument_specs.yaml index d680d57..107483a 100644 --- a/roles/uki_config/meta/argument_specs.yaml +++ b/roles/uki_config/meta/argument_specs.yaml @@ -28,7 +28,7 @@ argument_specs: type: path description: The path to the MOK x509 certificate. default: /etc/kernel/MOK.cer - + owner: type: str default: root From 46c2ba7a0ff561e37368b47832cbfa694bdd9ccb Mon Sep 17 00:00:00 2001 
From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:51:08 -0400 Subject: [PATCH 26/28] Add permissions to backup files. --- roles/uki_config/tasks/main.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/roles/uki_config/tasks/main.yaml b/roles/uki_config/tasks/main.yaml index 469dbc7..3088ecd 100644 --- a/roles/uki_config/tasks/main.yaml +++ b/roles/uki_config/tasks/main.yaml @@ -317,6 +317,12 @@ ansible.builtin.copy: content: "{{ ukify_config_backup.content | b64decode }}" dest: "{{ ukify_conf_path }}" + owner: root + group: root + mode: 0644 + seuser: system_u + serole: object_r + setype: etc_t changed_when: false - name: Delete new ukify configuration file @@ -335,6 +341,12 @@ ansible.builtin.copy: content: "{{ dracut_config_backup.content | b64decode }}" dest: "{{ dracut_conf_path }}" + owner: root + group: root + mode: 0644 + seuser: system_u + serole: object_r + setype: etc_t changed_when: false - name: Delete new dracut configuration file @@ -342,6 +354,12 @@ ansible.builtin.file: path: "{{ dracut_conf_path }}" state: absent + owner: root + group: root + mode: 0644 + seuser: system_u + serole: object_r + setype: etc_t changed_when: false - name: Restore kernel-install config From bbb5c4ccef2c3f2f8b4753eccd43e9def5904aac Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:56:15 -0400 Subject: [PATCH 27/28] Quote octals. --- roles/uki_config/tasks/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/uki_config/tasks/main.yaml b/roles/uki_config/tasks/main.yaml index 3088ecd..5db5917 100644 --- a/roles/uki_config/tasks/main.yaml +++ b/roles/uki_config/tasks/main.yaml @@ -319,7 +319,7 @@ dest: "{{ ukify_conf_path }}" owner: root group: root - mode: 0644 + mode: "0644" seuser: system_u serole: object_r setype: etc_t @@ -343,7 +343,7 @@ dest: "{{ dracut_conf_path }}" owner: root group: root - mode: 0644 + mode: "0644" seuser: system_u serole: object_r setype: etc_t 
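Review bot: The restore tasks in patch 26 (hunks at 317 and 335) hard-code `owner: root`, `group: root`, `mode: 0644` and the `system_u`/`object_r`/`etc_t` label instead of putting back what the file had before the role touched it; the backup variables visible here are only read through `.content`, so the original ownership, mode and SELinux type appear not to be recorded. If a host had a tighter mode or a different label on `ukify_conf_path` or `dracut_conf_path`, the rollback silently loosens or changes it, and `changed_when: false` keeps that out of the run report. Consider recording owner and mode with `ansible.builtin.stat` when the backup is taken and restoring from those values, and dropping the explicit `se*` keys so the policy default for the path should apply. The same holds for the kernel-install restore that patch 28 adds; the unquoted octal and the attributes on the `state: absent` task are already corrected in patches 27 and 28. The task bodies begin above the hunks.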
@@ -356,7 +356,7 @@ state: absent owner: root group: root - mode: 0644 + mode: "0644" seuser: system_u serole: object_r setype: etc_t From 4c56b0ed68287d747b4ed7328068191a82961e14 Mon Sep 17 00:00:00 2001 From: Christopher Palmer-Richez Date: Thu, 1 Aug 2024 11:58:04 -0400 Subject: [PATCH 28/28] Fix permissions being in delete task, not restore. --- roles/uki_config/tasks/main.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/uki_config/tasks/main.yaml b/roles/uki_config/tasks/main.yaml index 5db5917..b16801c 100644 --- a/roles/uki_config/tasks/main.yaml +++ b/roles/uki_config/tasks/main.yaml @@ -354,12 +354,6 @@ ansible.builtin.file: path: "{{ dracut_conf_path }}" state: absent - owner: root - group: root - mode: "0644" - seuser: system_u - serole: object_r - setype: etc_t changed_when: false - name: Restore kernel-install config @@ -369,6 +363,12 @@ ansible.builtin.copy: content: "{{ kernel_install_config_backup.content | b64decode }}" dest: "{{ install_conf_path }}" + owner: root + group: root + mode: "0644" + seuser: system_u + serole: object_r + setype: etc_t changed_when: false - name: Remove new kernel-install configuration file