Prepare vagrant centos/7 box for role testing
This will fix the follwing issues when using the centos/7 box for role testing: * TASK [../../../openstack-ansible-security : V-38476 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Missing CentOS 7 GPG keys"} The required gpg-pubkey packages are created after the import of the provided signing keys in /etc/pki/rpm-gpg. * TASK [../../../openstack-ansible-security : V-38574 ... fatal: [centos7]: FAILED! => {"changed": false, "failed": true, "msg": "Must use SHA512 for password hashing (via PAM)"} sha512 instead of md5 has to be used in /etc/pam.d/password-auth * TASK [../../../openstack-ansible-security : Check password hashing algorithm used in login.defs (for V-38576)] *** fatal: [centos7]: FAILED! => {"changed": true, "cmd": "grep '^ENCRYPT_METHOD.*SHA512' /etc/login.defs", ... sha512 instead of md5 has to be used in /etc/login.defs Change-Id: Ia40119dbf933b8102001cfe914312b17632bcf65 Co-authored-by: David Rabel <rabel@b1-systems.de>
This commit is contained in:
parent
83e3c206e8
commit
dd52e48925
|
@ -15,6 +15,9 @@ Vagrant.configure("2") do |config|
|
|||
ansible.skip_tags = ['V-38496']
|
||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||
ansible.raw_arguments = ['-s']
|
||||
ansible.groups = {
|
||||
"ubuntu" => ["ubuntu1404"]
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -30,6 +33,9 @@ Vagrant.configure("2") do |config|
|
|||
ansible.skip_tags = ['V-38496']
|
||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||
ansible.raw_arguments = ['-s']
|
||||
ansible.groups = {
|
||||
"ubuntu" => ["ubuntu1604"]
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -45,6 +51,9 @@ Vagrant.configure("2") do |config|
|
|||
ansible.skip_tags = ['V-38496']
|
||||
# we need to run as sudo for a lot of the checks ansible-security runs
|
||||
ansible.raw_arguments = ['-s']
|
||||
ansible.groups = {
|
||||
"centos" => ["centos7"]
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -13,6 +13,15 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Prepare centos/7 box for role testing
|
||||
hosts: centos
|
||||
tasks:
|
||||
- name: Import all archive signing keys from /etc/pki/rpm-gpg
|
||||
shell: rpm --import /etc/pki/rpm-gpg/*
|
||||
|
||||
- name: Use sha512 instead of md5 as password hashing algorithm
|
||||
shell: authconfig --passalgo=sha512 --update
|
||||
|
||||
- name: Playbook for role testing
|
||||
hosts: all
|
||||
roles:
|
||||
|
|
Loading…
Reference in New Issue