OpenStack-Ansible

Instructions for setting variables in security role are incorrect

Bug #1577944 reported by Major Hayden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
High
Major Hayden
OpenStack-Ansible newton-1
Liberty
Fix Released
High
Major Hayden
OpenStack-Ansible 13.1.2
Mitaka
Fix Committed
High
Major Hayden
OpenStack-Ansible 12.0.13

Bug Description

The security role has variables in dictionary format for handling certain things, like auditd rules. The docs show examples like this:

auditd_rules['failed_access']: yes

But they don't work properly. The only way to make it work is to copy the entire YAML dictionary into user_variables.yml and adjust it there.

Thanks to Jacob Wagner for reporting this one!

Major Hayden (rackerhacker)
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Major Hayden (rackerhacker)
Jesse Pretorius (jesse-pretorius)
Changed in openstack-ansible:
milestone: none → newton-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (master)

Fix proposed to branch: master
Review: https://review.openstack.org/312506

Changed in openstack-ansible:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (master)

Reviewed: https://review.openstack.org/312506
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=f5061fd0222cd068934726231244c2dca82d9d43
Submitter: Jenkins
Branch: master

commit f5061fd0222cd068934726231244c2dca82d9d43
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/312977

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (liberty)

Fix proposed to branch: liberty
Review: https://review.openstack.org/312980

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on openstack-ansible-security (stable/mitaka)

Change abandoned by Major Hayden (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/312977
Reason: Going to try to make this a clean backport.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on openstack-ansible-security (liberty)

Change abandoned by Major Hayden (<email address hidden>) on branch: liberty
Review: https://review.openstack.org/312980
Reason: Going to try to make this a clean backport.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/313614

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (liberty)

Fix proposed to branch: liberty
Review: https://review.openstack.org/313652

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (stable/mitaka)

Reviewed: https://review.openstack.org/313614
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=e2b39907d6123d9055c5389bf325ec6e6d8d89d2
Submitter: Jenkins
Branch: stable/mitaka

commit e2b39907d6123d9055c5389bf325ec6e6d8d89d2
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f
    (cherry picked from commit f5061fd0222cd068934726231244c2dca82d9d43)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (liberty)

Reviewed: https://review.openstack.org/313652
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=b5cdff790779797e6e71428aca35ce2ac7e8a48f
Submitter: Jenkins
Branch: liberty

commit b5cdff790779797e6e71428aca35ce2ac7e8a48f
Author: Major Hayden <email address hidden>
Date: Thu May 5 08:32:32 2016 -0500

    Switch from dict to individual variables

    The dictionary-based variables didn't work properly and this patch
    changes them to individual variables. If users followed the existing
    documentation, their environments will be unaffected by this change
    (they are still broken).

    The new variables follow the pattern `security_VARIABLENAME` which
    will soon become the standard for the role to avoid variable name
    collisions with other playbooks and roles.

    Release notes are included with this patch.

    Closes-bug: 1577944

    Change-Id: I455f66a0b4f423e2cf0e753b129367427f29479f
    (cherry picked from commit f5061fd0222cd068934726231244c2dca82d9d43)

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible-security 12.0.13

This issue was fixed in the openstack/openstack-ansible-security 12.0.13 release.

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible-security 13.1.2

This issue was fixed in the openstack/openstack-ansible-security 13.1.2 release.

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/openstack-ansible-security 14.0.0.0b1

This issue was fixed in the openstack/openstack-ansible-security 14.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.