Use pipefail for shell module
It's not safe to run pipes without pipefail, but for some cases we expect it to fail and working this around. In such case we ignore rule Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-tests/+/784751 Change-Id: I79a630ebe8ff54bc9f4600e1f3c0fda653cc4b71
This commit is contained in:
parent
a502ad3ed9
commit
a82570f1a5
@ -28,7 +28,7 @@
|
||||
- not check_mode | bool
|
||||
|
||||
- name: V-71855 - Get files with invalid checksums (apt)
|
||||
shell: "grep -v OK$ {{ temp_dir }}/debsums.txt | awk '{ print $1 }'"
|
||||
shell: "grep -v OK$ {{ temp_dir }}/debsums.txt | awk '{ print $1 }'" # noqa risky-shell-pipe
|
||||
register: invalid_checksum_files
|
||||
changed_when: False
|
||||
when:
|
||||
|
@ -106,7 +106,7 @@
|
||||
# those lines that have a '#' as the first character or '#' as the first
|
||||
# character following a space (or series of spaces).
|
||||
- name: Check for 'nopasswd' in sudoers files
|
||||
shell: 'grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ | egrep -v "^([[:space:]]*)?(#|$)" || echo "not found"'
|
||||
shell: 'grep -ir nopasswd /etc/sudoers /etc/sudoers.d/ | egrep -v "^([[:space:]]*)?(#|$)" || echo "not found"' # noqa risky-shell-pipe
|
||||
register: sudoers_nopasswd_check
|
||||
changed_when: False
|
||||
when:
|
||||
|
@ -14,7 +14,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
- name: V-71849 - Get packages with incorrect file permissions or ownership
|
||||
shell: "grep '^.M' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
|
||||
shell: "grep '^.M' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
|
||||
args:
|
||||
warn: no
|
||||
register: rpmverify_package_list
|
||||
@ -119,7 +119,7 @@
|
||||
- V-72021
|
||||
|
||||
- name: Find all world-writable directories
|
||||
shell: "find / -perm -002 -type d -exec ls -lLd {} \\; | tr -s ' ' | cut -d' ' -f 4,9 | grep -v ^root"
|
||||
shell: "find / -perm -002 -type d -exec ls -lLd {} \\; | tr -s ' ' | cut -d' ' -f 4,9 | grep -v ^root" # noqa risky-shell-pipe
|
||||
register: world_writable_dirs
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
|
@ -203,7 +203,7 @@
|
||||
- V-72213
|
||||
|
||||
- name: Check if ClamAV update process is already running
|
||||
shell: "ps -ef | egrep [f]reshclam -q"
|
||||
shell: "set -o pipefail; ps -ef | egrep [f]reshclam -q"
|
||||
register: freshclam_proc
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
@ -364,7 +364,7 @@
|
||||
- V-72281
|
||||
|
||||
- name: Check for interfaces in promiscuous mode
|
||||
shell: "ip link | grep -i promisc"
|
||||
shell: "set -o pipefail; ip link | grep -i promisc"
|
||||
register: promiscuous_interface_check
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
@ -435,7 +435,7 @@
|
||||
- V-72305
|
||||
|
||||
- name: Check to see if snmpd config contains public/private
|
||||
shell: 'egrep "^[^#].*(public|private)" /etc/snmp/snmpd.conf'
|
||||
command: 'egrep "^[^#].*(public|private)" /etc/snmp/snmpd.conf'
|
||||
register: snmp_public_private_check
|
||||
changed_when: False
|
||||
failed_when: False
|
||||
|
@ -30,7 +30,7 @@
|
||||
- V-71855
|
||||
|
||||
- name: V-71855 - Get files with invalid checksums (rpm)
|
||||
shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
|
||||
shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
|
||||
register: invalid_checksum_files
|
||||
changed_when: False
|
||||
when:
|
||||
|
@ -31,7 +31,7 @@
|
||||
- V-71855
|
||||
|
||||
- name: V-71855 - Get files with invalid checksums (rpm)
|
||||
shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'"
|
||||
shell: "grep '^..5' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe
|
||||
register: invalid_checksum_files
|
||||
changed_when: False
|
||||
when:
|
||||
|
Loading…
Reference in New Issue
Block a user