Closed jovial closed 8 months ago
Equivalent to: https://github.com/ansible-lockdown/RHEL9-CIS/pull/54
hi @jovial
Thank you for taking the time to raise this PR and helping to improve ansible-lockdown. It does really help us to improve with feedback. While the change works we do require it to be GPG signed in order to be merged, if you could add a gpg signature to your commits that would be brilliant.
Thank you
uk-bolly
hi @jovial
Thank you again for you time, I have incorporated your changes into the community_work_fix branch with credits given as i need to try and get these fixes added as quickly as possible.
many thanks
uk-bolly
hi @jovial
Thanks again for taking the time to raise this PR. As mentioned we have managed to incorporate this into many other changes. With credit being given. If the PR was GPG signed as well as signed-off this would have been accepted earlier.
many thanks once again
uk-bolly
Sorry, missed you comments. Thanks @uk-bolly - very much appreciated :)
Overall Review of Changes:
By default, Ansible injects a variable for every fact, prefixed with ansible_. This can result in a large number of variables for each host, which at scale can incur a performance penalty. Ansible provides a configuration option [0] that can be set to False to prevent this injection of facts. In this case, facts should be referenced via ansible_facts..
This change updates all references to Ansible facts from using individual fact variables to using the items in the ansible_facts dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement.
[0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars
Issue Fixes: No issue, but let me know if you want me to create one.
Enhancements:
How has this been tested?: Ran the role against a host.