ikke-t / podman-container-systemd

creates systemd files and creates containers using podman

Logic check_subid.yml #24

Closed kymcharlesworth-srg closed 4 years ago

kymcharlesworth-srg commented 4 years ago

Logic in two lines in check_subid.yml appears to be failing:

    when: not uid_line_found.matched and container_run_as_user != 'root'
    when: not gid_line_found.matched and container_run_as_group != 'root'

Change the order around to fix:

    when: container_run_as_user != 'root' and not uid_line_found.matched
    when: container_run_as_group != 'root' and not gid_line_found.matched

The Register Variables uid_line_found and gid_line_found do not have a 'matched' attribute if these tasks are skipped (container_run_as_user = 'root'). This causes a fatal error when Ansible tries to test the 'matched' attribute (left-hand side of the and) when checking the /etc/subuid and /etc/subgid files.

Group fatal is below:

    fatal: [localhost]: FAILED! => {"msg": "The conditional check 'not gid_line_found.matched and container_run_as_group != 'root'' failed. The error was: error while evaluating conditional (not gid_line_found.matched and container_run_as_group != 'root'): 'dict object' has no attribute 'matched'\n\nThe error appears to be in '/home/ec2-user/.ansible/roles/podman_container_systemd/tasks/check_subid.yml': line 26, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: ensure group is in subgid file, if it was missing\n ^ here\n"}

This issue started happening this morning after many weeks of working fine but the issue has been confirmed against two independent systems.

ikke-t commented 4 years ago

Thanks for the quick feedback and fix. I committed it in. After a long time, I sat down last night and pulled in change requests, and this came in from one of them.
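The skipped-task case from this issue, as an added playbook that is not the role's own check_subid.yml. It shows what a skipped task registers, the reordered conditional from the fix, and a guarded form that does not depend on operand order. The task layout, the `find` arguments and the value `root` are assumptions made to reproduce the case; the variable names are the ones from the issue.

```yaml
# Added example, not code from podman-container-systemd.
# Assumption: the lookup is an ansible.builtin.find task that registers
# uid_line_found; the role's real task may differ.
- hosts: localhost
  gather_facts: false
  vars:
    container_run_as_user: root   # constructed value: forces the skip
  tasks:
    - name: look for the user in /etc/subuid (skipped for root)
      ansible.builtin.find:
        paths: /etc
        patterns: subuid
        contains: "^{{ container_run_as_user }}:.*"
      register: uid_line_found
      when: container_run_as_user != 'root'

    # A skipped task still registers a dict, but it carries skip
    # metadata only and has no 'matched' key.
    - name: show what the skipped task registered
      ansible.builtin.debug:
        var: uid_line_found

    # Reordered form from the issue: 'and' short-circuits, so .matched
    # is never read when the user is root.
    - name: report missing subuid entry (reordered conditional)
      ansible.builtin.debug:
        msg: "{{ container_run_as_user }} has no /etc/subuid entry"
      when: container_run_as_user != 'root' and not uid_line_found.matched

    # Order-independent form: default() supplies a value when the
    # attribute is missing, so this works with either operand first.
    - name: report missing subuid entry (guarded attribute)
      ansible.builtin.debug:
        msg: "{{ container_run_as_user }} has no /etc/subuid entry"
      when:
        - not (uid_line_found.matched | default(0))
        - container_run_as_user != 'root'
```

Run it with `ansible-playbook` against localhost: both report tasks are skipped for `root` without the "has no attribute 'matched'" error, and setting `container_run_as_user` to an unprivileged account exercises the lookup path instead.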