Fix issues from new CentOS 7 release
This patch fixes the gate blocker for CentOS 7 in the Newton branch. The grep for `rpmverify` needed an update to exclude `/var` and `/etc`. Files in both directories are updated in the security role. Also, the `yum-cron` packaging bug affects the Newton branch as well. The workaround from master (I80b66a6d9e7c8ad97761a1f890ec6a3d2db88659) is backported to Newton. Change-Id: I9b0f77eceb32d18a0d07f53ff1dbac2117b29da4
This commit is contained in:
parent
4251bc5666
commit
2d07959b75
|
@ -100,7 +100,7 @@
|
|||
- V-38637
|
||||
|
||||
- name: Check audit package contents for alterations with rpm (for V-38637)
|
||||
shell: "rpmverify audit audit-libs | grep -v '\\.conf$' | wc -l"
|
||||
shell: "rpmverify audit audit-libs | egrep -v '/(etc|var)' | wc -l"
|
||||
register: v38637_result
|
||||
changed_when: False
|
||||
when: ansible_pkg_mgr == 'yum'
|
||||
|
|
|
@ -64,5 +64,9 @@
|
|||
roles:
|
||||
- role: "openstack-ansible-security"
|
||||
vars:
|
||||
security_unattended_upgrades_enabled: true
|
||||
security_unattended_upgrades_notifications: true
|
||||
# NOTE(mhayden): yum-cron has a bug upon update due to a RPM conflict in
|
||||
# the yum-cron.conf file. This test should be re-enabled when the
|
||||
# OpenStack CI images are updated.
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=1293513
|
||||
security_unattended_upgrades_enabled: "{{ (ansible_os_family | lower == 'debian') | ternary(true, false) }}"
|
||||
security_unattended_upgrades_notifications: "{{ (ansible_os_family | lower == 'debian') | ternary(true, false) }}"
|
||||
|
|
Loading…
Reference in New Issue