search

ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License
181 stars 80 forks source link

if timesyncd is not installed 2.1.1.1 errors #150

Closed dderemiah closed 11 months ago

dderemiah commented 11 months ago

Overall Review of Changes: Make sure timesyncd is installed before manipulating the service

Issue Fixes: Fixes error when timesyncd is not installed

Enhancements: n/a

How has this been tested?: tested locally

uk-bolly commented 11 months ago

hi @dderemiah

Thank you for this PR. Looking through the task, the first step in the block is to install the correct time_sync_tool, so i am keen to see how this is getting to error. So when it gets to this part of the block it will be installed. This change would not be necessary in this instance as the package_facts would also have not been updated by this point they only run once the prereqs are met.

many thanks

uk-bolly

dderemiah commented 11 months ago

If the deb package systemd-timesyncd is not installed and you have selected for example "chrony" it will attempt to mask a service that doesn't exist and will fail. I added the check for the systemd-timesyncd to account for this condition which exists on some machines I am applying CIS controls to.