Prepare vagrant centos/7 box for role testing
This will fix the following issues when using the centos/7 box for role testing: * TASK [../../../openstack-ansible-security : V-38476 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Missing CentOS 7 GPG keys"} The required gpg-pubkey packages are created after the import of the provided signing keys in /etc/pki/rpm-gpg. * TASK [../../../openstack-ansible-security : V-38574 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Must use SHA512 for password hashing (via PAM)"} sha512 instead of md5 has to be used in /etc/pam.d/password-auth * TASK [../../../openstack-ansible-security : Check password hashing algorithm used in login.defs (for V-38576)] *** fatal: [centos7]: FAILED! => {"changed": true, "cmd": "grep '^ENCRYPT_METHOD.*SHA512' /etc/login.defs", ... sha512 instead of md5 has to be used in /etc/login.defs Change-Id: Ia40119dbf933b8102001cfe914312b17632bcf65 Co-authored-by: David Rabel <rabel@b1-systems.de>
parent
83e3c206e8
commit
dd52e48925
|
@ -15,6 +15,9 @@ Vagrant.configure("2") do |config|
|
||||||
ansible.skip_tags = ['V-38496']
|
ansible.skip_tags = ['V-38496']
|
||||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||||
ansible.raw_arguments = ['-s']
|
ansible.raw_arguments = ['-s']
|
||||||
|
ansible.groups = {
|
||||||
|
"ubuntu" => ["ubuntu1404"]
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -30,6 +33,9 @@ Vagrant.configure("2") do |config|
|
||||||
ansible.skip_tags = ['V-38496']
|
ansible.skip_tags = ['V-38496']
|
||||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||||
ansible.raw_arguments = ['-s']
|
ansible.raw_arguments = ['-s']
|
||||||
|
ansible.groups = {
|
||||||
|
"ubuntu" => ["ubuntu1604"]
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -45,6 +51,9 @@ Vagrant.configure("2") do |config|
|
||||||
ansible.skip_tags = ['V-38496']
|
ansible.skip_tags = ['V-38496']
|
||||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||||
ansible.raw_arguments = ['-s']
|
ansible.raw_arguments = ['-s']
|
||||||
|
ansible.groups = {
|
||||||
|
"centos" => ["centos7"]
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
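Review bot: The three added `ansible.groups` hashes carry no comment saying why the inventory groups exist, and only the `"centos" => ["centos7"]` one is matched by a play visible on this page (`hosts: centos` in the test playbook). A short comment above that assignment, such as `# group name must match the "hosts: centos" prepare play in the test playbook`, would stop a later rename from silently skipping the preparation. The `"ubuntu"` groups appear unused here; if they are kept only for symmetry, say so in a comment, or drop them until a play targets them.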
|
@ -13,6 +13,15 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Prepare centos/7 box for role testing
|
||||||
|
hosts: centos
|
||||||
|
tasks:
|
||||||
|
- name: Import all archive signing keys from /etc/pki/rpm-gpg
|
||||||
|
shell: rpm --import /etc/pki/rpm-gpg/*
|
||||||
|
|
||||||
|
- name: Use sha512 instead of md5 as password hashing algorithm
|
||||||
|
shell: authconfig --passalgo=sha512 --update
|
||||||
|
|
||||||
- name: Playbook for role testing
|
- name: Playbook for role testing
|
||||||
hosts: all
|
hosts: all
|
||||||
roles:
|
roles:
|
||||||
|
|
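Review bot: The task `shell: rpm --import /etc/pki/rpm-gpg/*` makes every key file found in that directory a trusted package signer on the box. That is presumably more than the V-38476 check needs, and it depends on whatever the image happens to ship there. Naming the key explicitly keeps the trust set narrow and makes the task idempotent, e.g. `rpm_key: key=/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 state=present` (the stock CentOS 7 file name, to be confirmed against the box). The `authconfig --passalgo=sha512 --update` call needs no shell features, so `command:` is the safer module for it. Both tasks require root, which the play gets only from the `-s` in the Vagrantfile's `ansible.raw_arguments`; adding `become: yes` to the play would make that explicit.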