On Tue, 29 Sep 2015 08:27:01 -0600 Tim Flink <[email protected]> wrote:
> Long story short, when the batcave upgrade happened on Friday we found > out that rbac_playbook doesn't work on el7 due to an issue with > nss-altfiles. > > I figured out how to sidestep the issue by changing the approach that > rbac_playbook takes. It used to get all the groups for the user > running the script and check for an intersection between those groups > and the required groups for the playbook being run. > > The new version looks at the groups required for the playbook being > run, gathers all the users in those groups and verifies that the user > running rbac_playbook is in that list before proceeding. > > I've included the changes below for security review before updating > anything on batcave01 Thanks for the reviews. Code has been pushed to git, I've built a new ansible_utils package and put that in the el7 infrastructure repo. Tim
pgpXjgefbeofA.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list [email protected] http://lists.fedoraproject.org/postorius/[email protected]
