On Monday, November 14, 2016 at 2:07:05 PM UTC-8, [email protected] wrote:
>
>
> I wrote the below to ensure certain options are set in a server's
> /etc/fstab file for CIS compliance:
>
> - name: Describe file system options
> set_fact:
> filesystems:
> - fs: /tmp
> options:
> - nodev
> - nosuid
> - fs: /home
> options:
> - nodev
> - fs: /dev/shm
> options:
> - nodev
> - nosuid
> - noexec
>
> - name: CIS - Set options for file systems
> replace: dest=/etc/fstab
>
> regexp='(^[/\-\w]*\s+{{item.0.fs}}\s+\w+\s+(?!.*\b{{item.1}}\b))([\w,]+)(\s+[0-9]\s+[0-9])$'
> replace='\1\2,{{item.1}}\3'
> with_subelements:
> - "{{filesystems}}"
> - options
>
> My fstab file starts out like this:
>
> /dev/mapper/VolGroup00-root /
> xfs defaults 1 1
> UUID=55b51f79-af10-4590-88df-8aefeeedb3fc /boot xfs
> defaults 0 0
> /dev/mapper/VolGroup00-home /home
> xfs defaults 0 0
> /dev/mapper/VolGroup00-tmp /tmp
> xfs defaults 0 0
> /dev/mapper/VolGroup00-var /var
> xfs defaults 0 0
> UUID=c56d0641-b1ef-4ef5-ba3c-1dfb983e28ce swap swap
> defaults 0 0
>
> The expectation is that options listed under a given file system name will
> be added to the options for that file system. For example:
>
> /dev/mapper/VolGroup00-home /home
> xfs defaults,nodev 0 0
> /dev/mapper/VolGroup00-tmp /tmp
> xfs defaults,nodev,nosuid 0 0
>
> This worked perfectly on Ansible version 1.9.4, but when I ported it to
> Ansible 2.1.2, it broke. When I run it on 2.1.2, Ansible no longer detects
> that the options have already been applied and applies them again. Each
> time the playbook is run against the servers, another set of options is
> added to the already existing set:
>
> /dev/mapper/VolGroup00-home /home
> xfs defaults,nodev,nodev 0 0
> /dev/mapper/VolGroup00-tmp /tmp
> xfs defaults,nodev,nosuid,nodev,nosuid 0 0
>
> What changed between Ansible versions 2.1.2 and 1.9.4?
> The clients are a mix of OEL and RHEL versions 6 and 7. I get the same
> results regardless of the OS releases and versions.
>
> -Mark
>
>
It is very definitely related to version 2 of Ansible. I downgraded the
version of Ansible on my server to 1.9.4 and ran the playbook again. It
ran perfectly and no changes were made to the target system. I upgraded to
version 2.2.0 and tested again, and it added another set of options to the
fstab file even though the options were already present. So something
changed between Ansible versions 1.9 and 2.
-Mark
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2356eaae-61c5-4dc4-93c9-3834d073247a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
