Instructions for setting variables in security role are incorrect

Bug #1577944 reported by Major Hayden on 2016-05-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
High
Major Hayden
Liberty
High
Major Hayden
Mitaka
High
Major Hayden

Bug Description

The security role has variables in dictionary format for handling certain things, like auditd rules. The docs show examples like this:

auditd_rules['failed_access']: yes

But they don't work properly. The only way to make it work is to copy the entire YAML dictionary into user_variables.yml and adjust it there.

Thanks to Jacob Wagner for reporting this one!

Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Major Hayden (rackerhacker)
Changed in openstack-ansible:
milestone: none → newton-1

Fix proposed to branch: master
Review: https://review.openstack.org/312506

Changed in openstack-ansible:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/312506
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=f5061fd0222cd068934726231244c2dca82d9d43
Submitter: Jenkins
Branch: master

commit f5061fd0222cd068934726231244c2dca82d9d43
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f

Changed in openstack-ansible:
status: In Progress → Fix Released

Change abandoned by Major Hayden (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/312977
Reason: Going to try to make this a clean backport.

Change abandoned by Major Hayden (<email address hidden>) on branch: liberty
Review: https://review.openstack.org/312980
Reason: Going to try to make this a clean backport.

Reviewed: https://review.openstack.org/313614
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=e2b39907d6123d9055c5389bf325ec6e6d8d89d2
Submitter: Jenkins
Branch: stable/mitaka

commit e2b39907d6123d9055c5389bf325ec6e6d8d89d2
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f
    (cherry picked from commit f5061fd0222cd068934726231244c2dca82d9d43)

Reviewed: https://review.openstack.org/313652
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=b5cdff790779797e6e71428aca35ce2ac7e8a48f
Submitter: Jenkins
Branch: liberty

commit b5cdff790779797e6e71428aca35ce2ac7e8a48f
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f
    (cherry picked from commit f5061fd0222cd068934726231244c2dca82d9d43)

This issue was fixed in the openstack/openstack-ansible-security 12.0.13 release.

This issue was fixed in the openstack/openstack-ansible-security 13.1.2 release.

This issue was fixed in the openstack/openstack-ansible-security 14.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers