Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add cjis to compliance demo #134

Merged
merged 2 commits into from
Mar 3, 2024

Conversation

l3acon
Copy link
Collaborator

@l3acon l3acon commented Feb 20, 2024

This should be fairly simple, though I had some issues during testing. On RHEL7 I encountered jobs that failed without any error messages. I would normally chalk it up to the random gremlins but it happened more than once. Maybe @jce-redhat or someone has seen something similar?

Anyway, this at least worked once on rhel7 and rhel8.

Copy link
Collaborator

@jce-redhat jce-redhat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added a couple of ideas for you to try, lemme know if you want help testing

@@ -0,0 +1,22 @@
---
# The CJIS role seems to assume these packages are installed and the
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@l3acon i haven't tested this yet, but i took a look at the CJIS role and i believe you won't need to install and enable firewalld and NetworkManager if the following variables get set:

service_firewalld_enabled: false
firewalld_sshd_port_enabled: false

these can be added to the LINUX / Multi-profile Compliance job template as long as the other CaC roles don't use variables of the same name.

Comment on lines 13 to 17
- name: Include prerequisites for cjis profile
ansible.builtin.include_tasks:
file: cjis-prerequisites.yml
when: compliance_profile == 'cjis'

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you add "cjis" to the survey spec for the "LINUX / Multi-profile compliance" job template definition, you shouldn't need to add this separate task for calling the CJIS role.

@jce-redhat jce-redhat merged commit 3468d1c into ansible:main Mar 3, 2024
1 check passed
@l3acon
Copy link
Collaborator Author

l3acon commented Mar 3, 2024

Yay thanks @jce-redhat

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants