search

Oefenweb / ansible-fail2ban

Ansible role to set up fail2ban in Debian-like systems
MIT License
117 stars 55 forks source link

Invalid check against debian 9 #56

Closed MarcFinetRtone closed 5 years ago

MarcFinetRtone commented 5 years ago

On my debian stretch, the ansible_distribution_version is 9, not 9.0 nor 9.x. Moreover the version() filter returns False leading to set "ssh" instead of expected "sshd".

On my local machine (debian 9):

ansible localhost -m setup | grep distribution
        "ansible_distribution": "Debian", 
        "ansible_distribution_file_parsed": true, 
        "ansible_distribution_file_path": "/etc/os-release", 
        "ansible_distribution_file_variety": "Debian", 
        "ansible_distribution_major_version": "9", 
        "ansible_distribution_release": "stretch", 
        "ansible_distribution_version": "9",

On my remote machine:

ansible remote -m setup -i hosts | grep distribution
 [WARNING]: Platform linux on host remote is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.8/reference_appendices/interpreter_discovery.html for more information.
        "ansible_distribution": "Debian", 
        "ansible_distribution_file_parsed": true, 
        "ansible_distribution_file_path": "/etc/os-release", 
        "ansible_distribution_file_variety": "Debian", 
        "ansible_distribution_major_version": "9", 
        "ansible_distribution_release": "stretch", 
        "ansible_distribution_version": "9",

The role I wrote to see version() in action:

- name: test1
  debug:
    msg: "{{ '9.1 is >= 9' if '9.1' is version('9', '>=') else '9.1 not >= 9' }}"
  tags: vars

- name: test2
  debug:
    msg: "{{ '9 is >= 9' if '9' is version('9', '>=') else '9 not >= 9' }}"
  tags: vars

- name: test3
  debug:
    msg: "{{ '9.0 is >= 9' if '9.0' is version('9', '>=') else '9.0 not >= 9' }}"
  tags: vars

- name: test4
  debug:
    msg: "{{ '9 is >= 9.0' if '9' is version('9.0', '>=') else '9 not >= 9.0' }}"
  tags: vars

Output:

TASK [repro : test1] ***************************************************************************************************************************************************************************************************************************************
ok: [remote] => {
    "msg": "9.1 is >= 9"
}

TASK [repro : test2] ***************************************************************************************************************************************************************************************************************************************
ok: [remote] => {
    "msg": "9 is >= 9"
}

TASK [repro : test3] ***************************************************************************************************************************************************************************************************************************************
ok: [remote] => {
    "msg": "9.0 is >= 9"
}

TASK [repro : test4] ***************************************************************************************************************************************************************************************************************************************
ok: [remote] => {
    "msg": "9 not >= 9.0"
}

Ansible version: 2.8.0:

ansible --version
ansible 2.8.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/marc/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.13 (default, Sep 26 2018, 18:42:22) [GCC 6.3.0 20170516]
tersmitten commented 5 years ago

Do you think this is a bug in version or in this role?

MarcFinetRtone commented 5 years ago

Do you think this is a bug in version or in this role?

I've no idea. The documentation for version() is very small (https://docs.ansible.com/ansible/latest/user_guide/playbooks_tests.html). In fact, I'm surprised the existing code does not work. It's either:

I tried to google() for the same problem and didn't find anything conclusive. Other references:

santiagomr commented 5 years ago

On my debian stretch, the ansible_distribution_version is 9, not 9.0 nor 9.x. Moreover the version() filter returns False leading to set "ssh" instead of expected "sshd".

I have the same problem. The role worked perfectly until a few days ago on Debian 9.X (I have been using it for more than a month).

I have not updated the role or Debian on which the role is executed, but recently I updated Ansible from version 2.7 to 2.8.

I suspect that this error is related to Ansible 2.8

santiagomr commented 5 years ago

Correct, this is an error in Ansible 2.8.

The bugfix is coming

tersmitten commented 5 years ago

Fixed in #57