correct clevis askpass unit conditional #81
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richm
reviewed
Sep 30, 2022
| when: ansible_distribution != "RedHat" or | ||
| (not ansible_distribution_version is version("8.2", "==") and | ||
| not ansible_distribution_version is version("8.3", "==")) | ||
| when: ansible_facts.services['clevis-luks-askpass.service'] is defined |
There was a problem hiding this comment.
@sergio-correia is this service created when you install the clevis RPM packages? If so, then this looks correct.
There was a problem hiding this comment.
According to dnf the service is provided by clevis-systemd.
[root@mt-test01 ~]# dnf whatprovides "/usr/*/clevis-luks-askpass*"
Updating Subscription Management repositories.
Last metadata expiration check: 0:09:53 ago on Fri 30 Sep 2022 08:16:08 PM UTC.
clevis-systemd-11-2.el8.x86_64 : systemd integration for clevis
Repo : rhel-8-for-x86_64-appstream-rpms
Matched from:
Filename : /usr/lib/systemd/system/clevis-luks-askpass.path
Filename : /usr/lib/systemd/system/clevis-luks-askpass.service
Filename : /usr/libexec/clevis-luks-askpass
clevis-systemd-11-9.el8.x86_64 : systemd integration for clevis
Repo : rhel-8-for-x86_64-appstream-rpms
Matched from:
Filename : /usr/lib/systemd/system/[email protected]
Filename : /usr/lib/systemd/system/[email protected]
Filename : /usr/libexec/clevis-luks-askpass
...
clevis-systemd-15-8.el8.x86_64 : systemd integration for clevis
Repo : rhel-8-for-x86_64-appstream-rpms
Matched from:
Filename : /usr/lib/systemd/system/clevis-luks-askpass.path
Filename : /usr/lib/systemd/system/clevis-luks-askpass.service
Filename : /usr/libexec/clevis-luks-askpass
There was a problem hiding this comment.
@sergio-correia is this service created when you install the
clevisRPM packages? If so, then this looks correct.
Yeah, it's installed by the clevis-systemd package. And I agree it looks correct.
|
[citest] |
sergio-correia
approved these changes
Oct 3, 2022
richm
added a commit
to richm/linux-system-roles-nbde_client
that referenced
this pull request
Nov 1, 2022
[1.2.7] - 2022-11-01 -------------------- ### New Features - none ### Bug Fixes - correct clevis askpass unit conditional (linux-system-roles#81) - Add default clevis luks askpass unit (linux-system-roles#79) skip clevis askpass systemd unit for RHEL 8.2 and 8.3 - use no_log: true where secrets might be revealed ### Other Changes - fix test tmp files (linux-system-roles#80) tests - use generated temp directory for all controller files If you run multiple tests in parallel, some of the tests could overwrite or remove files in use by other tests on the controller. Use a temp directory for controller files. - test support for CentOS Stream 9 Signed-off-by: Rich Megginson <[email protected]>
richm
added a commit
that referenced
this pull request
Nov 1, 2022
[1.2.7] - 2022-11-01 -------------------- ### New Features - none ### Bug Fixes - correct clevis askpass unit conditional (#81) - Add default clevis luks askpass unit (#79) skip clevis askpass systemd unit for RHEL 8.2 and 8.3 - use no_log: true where secrets might be revealed ### Other Changes - fix test tmp files (#80) tests - use generated temp directory for all controller files If you run multiple tests in parallel, some of the tests could overwrite or remove files in use by other tests on the controller. Use a temp directory for controller files. - test support for CentOS Stream 9 Signed-off-by: Rich Megginson <[email protected]> Signed-off-by: Rich Megginson <[email protected]>
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A bug was introduced in PR Add default clevis luks askpass unit #79 which silently fails to configure the clevis askpass unit correctly on RHEL 8.2 and 8.3 with certain versions of the
clevis-systemdpackage installed. This PR fixes it by changing the conditional such that if theclevis-luks-askpass.pathservice exists, it is enabled. If it doesn't exist, then a version ofclevis-systemdthat uses templated units is installed, and the unit will be enabled bydracut. Tests have been successful with templated, and staticclevis-luks-askpass.pathunits.