Project

General

Profile

Bug #617

dc-monitoring Ansible role: Group trusted-proc does not exist

Added by Pierre-Louis Bonicoli about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
System :: Base
Start date:
2018-04-23
Due date:
% Done:

100%

Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

trusted-proc group is required but group creation isn't handled by Ansible:

ansible-playbook -l Toushirou -i hosts.yml -v --start-at-task "install security tools"  playbooks/common.yml
[...]
TASK [dc-monitoring : Give Rights on /proc to Zabbix User] ***************************************************************************************************
fatal: [Toushirou]: FAILED! => {"changed": false, "msg": "Group trusted-proc does not exist"}
```

History

#1 Updated by Marc Dequènes about 1 year ago

True, good catch.

It is more of a global parameter from a DC perspective. Thus I would suggest adding the rules in the `dc-base` role and making it an optional parameter of the `dc-monitoring` role (to make the role more generic and reusable in other places).

#2 Updated by Marc Dequènes about 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Marc Dequènes

#3 Updated by Marc Dequènes about 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

The group is now created. The fstab entry is updated (now using the group name for more readability).

As suggested the special group is passed as role argument.

Also available in: Atom PDF