use sysctl 1.0 #210
use sysctl 1.0 #210
Conversation
dhohengassner
force-pushed
the
master
branch
3 times, most recently
from
bca29e7 to
293c181
Compare
most of the code was already written by symondsandson https://github.com/symondsandson/chef-os-hardening.git remove the sysctl attributes file - values are now set in the recipe remove the lazy evaluation from symondsandson adapt test cases to test usage of sysctl_param resource
|
@artem-sidorenko @chris-rock Thanks for your great work! |
|
Looks great @dhohengassner I'm waiting on this one before applying this to our systems so feedback from @chris-rock or other maintainers would be much appreciated! |
|
This is huge @dhohengassner Thank you. Once question that I have. Can you still override the the attributes? |
|
Thanks for the fast response @chris-rock Good point! At the moment we can set the flags to enable/disable features as before. I think it would be good to use the same attributes the old sysctl cookbook used to set the values. |
|
Nice, thank you @dhohengassner That sounds like the perfect approach. |
|
@dhohengassner I‘m currently on the parental leave, I hope @chris-rock can review here |
This should be done to ensure downward compatibility and keep flexibility. See discussion on: dev-sec#210
|
@chris-rock I reverted my resource calls and copied now parts of the old sysctl recipe into this cookbook. Please review these changes. Thank you! |
|
This is an important fix for Chef 14 compatibility and it would be great to get this merged in as soon as possible. |
| # include sysctl recipe and set /etc/sysctl.d/99-chef-attributes.conf | ||
| include_recipe 'sysctl::apply' | ||
| if node.attribute?('sysctl') && node['sysctl'].attribute?('params') | ||
| coerce_attributes(node['sysctl']['params']).each do |x| |
this means to remove the recipe used until now and use the ressource from sysctl
most of the code was already written by symondsandson
https://github.com/symondsandson/chef-os-hardening.git