Project

General

Profile

Bug #617

dc-monitoring Ansible role: Group trusted-proc does not exist

Added by Pierre-Louis Bonicoli over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
System :: Base
Start date:
2018-04-23
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

trusted-proc group is required but group creation isn't handled by Ansible:

ansible-playbook -l Toushirou -i hosts.yml -v --start-at-task "install security tools"  playbooks/common.yml
[...]
TASK [dc-monitoring : Give Rights on /proc to Zabbix User] ***************************************************************************************************
fatal: [Toushirou]: FAILED! => {"changed": false, "msg": "Group trusted-proc does not exist"}
```

History

#1

Updated by Marc Dequènes over 1 year ago

True, good catch.

It is more of a global parameter from a DC perspective. Thus I would suggest adding the rules in the `dc-base` role and making it an optional parameter of the `dc-monitoring` role (to make the role more generic and reusable in other places).

#2

Updated by Marc Dequènes over 1 year ago

  • Status changed from New to In Progress
  • Assignee set to Marc Dequènes
#3

Updated by Marc Dequènes over 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

The group is now created. The fstab entry is updated (now using the group name for more readability).

As suggested the special group is passed as role argument.

Also available in: Atom PDF