> so if, for convenience, we do this:
> vars:
> a_mounts: "{{ hostvars[inventory_hostname].ansible_facts.mounts }}"
>
> That's completely acceptable and correct, and won't create any security
> issue, right?
Yes, that will work, but you don't need to use the hostvars dict. You can
simply use ansible_facts.mounts.
Using facts in no way creates security issues. The attack vector is a managed
node setting local facts, or a malicious playbook author setting a fact that
contains executable and malicious code. Ansible uses an UnsafeProxy class to
ensure text from untrusted sources is properly handled to defend against this.
> I think the last thing we want is to break TripleO + Ceph integration so we
> will maintain Ansible 2.5.x in TripleO Rocky and upgrade to 2.6.x in Stein
> when ceph-ansible 3.2 is used and working well.
This sounds like a good plan.
---
Respectfully,
Sam Doran
Senior Software Engineer
Ansible by Red Hat
[email protected] <mailto:[email protected]>
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
