Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

collection: Ensure compatibility with Ansible 2.16.1 #556

Closed
berndfinger opened this issue Dec 20, 2023 · 6 comments
Closed

collection: Ensure compatibility with Ansible 2.16.1 #556

berndfinger opened this issue Dec 20, 2023 · 6 comments
Assignees
@berndfinger

Comments

@berndfinger
Copy link
Member

No description provided.

@berndfinger berndfinger self-assigned this Dec 20, 2023
@berndfinger berndfinger mentioned this issue Dec 20, 2023
Closed
@berndfinger berndfinger changed the title collection: Verify compatibility with Ansible 2.16 collection: Verify compatibility with Ansible 2.16.1 Dec 20, 2023
@berndfinger
Copy link
Member Author

See also:

@berndfinger berndfinger changed the title collection: Verify compatibility with Ansible 2.16.1 collection: Ensure compatibility with Ansible 2.16.1 Dec 20, 2023
berndfinger added a commit to berndfinger/community.sap_install that referenced this issue Dec 20, 2023
@berndfinger
sap_hana_preconfigure: Add support for Ansible 2.16.1
8e25a13 
Solves issue sap-linuxlab#556 for this role.

Signed-off-by: Bernd Finger <[email protected]>
berndfinger added a commit to berndfinger/community.sap_install that referenced this issue Dec 21, 2023
@berndfinger
sap_hana_install: Support Ansible 2.16.1
9244ec6 
Solves issue sap-linuxlab#556 for this role.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger berndfinger mentioned this issue Dec 21, 2023
Merged
@berndfinger
Copy link
Member Author

According to GHSA-7j69-qfc3-2fq9, the versions of ansible-core in which CVE 2023-5764 is fixed are:

For roles not running in assert mode, at least the following tasks are affected (grep -rn "that:" | awk '$1!~/assert-/&&/{{/{print}' - This command however will not catch multiline that: statements):

This was referenced Dec 21, 2023
Merged
Merged
berndfinger added a commit to berndfinger/community.sap_install that referenced this issue Dec 21, 2023
@berndfinger
various roles: Fix issue sap-linuxlab#556 for non-assert runs
3eef78a 
This commit is only for showing how to fix issue sap-linuxlab#556 for the roles
- sap*preconfigure in non-assert (=default) mode
- sap_hana_install.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
Copy link
Member Author

According to GHSA-7j69-qfc3-2fq9, the versions of ansible-core in which CVE 2023-5764 is fixed are:

  • 2.16.1
  • 2.15.8
  • 2.14.12.

With these versions of ansible-core, the roles will fail in assertion tasks which need (but do not have) the fix for issue collection: Ensure compatibility with Ansible 2.16.1 #556.

For roles not running in assert mode, at least the following tasks are affected (grep -rn "that:" | awk '$1!~/assert-/&&/{{/{print}' - This command however will not catch multiline that: statements):

I have put the fix for these 4 items in berndfinger@3eef78a .

berndfinger added a commit to berndfinger/community.sap_install that referenced this issue Dec 22, 2023
@berndfinger
various roles: Fix issue sap-linuxlab#556 for non-assert runs
738efaa 
This commit makes the roles compatible with the following versions of
`ansible-core`:
- 2.16.1
- 2.15.8
- 2.14.12
when running in normal (=non-assert) mode.

The preconfigure roles also support an extended check mode, called
assert mode, in which the roles do not change anything but verify
if all settings are correct. This commit will not cover the assert
mode. So several tasks of the preconfigure roles in assert mode will
fail. By using the `_assert_ignore_errors` role parameters in assert mode,
the roles will not fail but the affected tasks will not be executed so
those settings will not be validated.

Relates to issues sap-linuxlab#555 and sap-linuxlab#556.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger berndfinger mentioned this issue Dec 22, 2023
Merged
berndfinger added a commit that referenced this issue Dec 22, 2023
@berndfinger
Merge pull request #562 from berndfinger/issue556-fixes-for-default-m…
addfda4 
…ode-into-main-branch

various roles: Fix issue #556 for non-assert runs
@audiolomb
Copy link

Thank you!!! 🥇

Merry Christmas!

@berndfinger
Copy link
Member Author

Related PR for role sap_hypervisor_node_preconfigure: #586

@berndfinger
Copy link
Member Author

Looks like we have finished our work on this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@berndfinger berndfinger

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@audiolomb @berndfinger