Closed dankxylese closed 1 year ago
I was just about to raise this bug myself, thanks. Even though we are not building any new servers with rhel7 we like to keep the code similar for all OSes and keep a copy of a server for GoldedImage means just in case an odd need arises.
We are still using 7.9 for the next half a year. Came across this when testing with updated tools, such as ansible in this case. Would be great to get a new release so we can use the latest ansible, as 7.9 is still supported until summer 2024
hi @dankxylese
Thank you for taking the time to raise the issue and providing such a clear solution. I have now added this to a new PR which i hope will be approved this week into devel. This can then be mrged to the main and a new release made.
Many thanks once again
uk-bolly
Describe the Issue The warn parameter for shell and command modules was deprecated in Ansible 2.11 and removed in Ansible 2.14, and so is throwing up errors when trying to run CIS for RHEL7, on the latest ansible version.
Expected Behavior CIS hardening runs without errors.
Actual Behavior Ansible fails and ends prematurely:
amazon-ebs.this: TASK [rhel7_cis : 1.2.2 | AUDIT | Ensure package manager repositories are configured] *** amazon-ebs.this: fatal: [default]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends."}
Control(s) Affected https://github.com/ansible-lockdown/RHEL7-CIS/blob/be787735006586749da9203df935220beb9efeed/tasks/section_1/cis_1.2.x.yml#L24
https://github.com/ansible-lockdown/RHEL7-CIS/blob/be787735006586749da9203df935220beb9efeed/tasks/section_6/cis_6.2.x.yml#L9
https://github.com/ansible-lockdown/RHEL7-CIS/blob/be787735006586749da9203df935220beb9efeed/tasks/section_1/cis_1.1.x.yml#L337
https://github.com/ansible-lockdown/RHEL7-CIS/blob/be787735006586749da9203df935220beb9efeed/tasks/check_prereqs.yml#L22
Multiple instances in the following: https://github.com/ansible-lockdown/RHEL7-CIS/blob/be787735006586749da9203df935220beb9efeed/handlers/main.yml#L29
Environment:
Possible Solution Remove "warn" argument in all places it is used, like it was done with RHEL8 CIS at the start of 2023 (issue)