Skip to content

Make Ansible in GRUB rules idempotent#13957

Merged
Mab879 merged 1 commit into
ComplianceAsCode:masterfrom
jan-cerny:grub2_bootloader_argument
Oct 2, 2025
Merged

Make Ansible in GRUB rules idempotent#13957
Mab879 merged 1 commit into
ComplianceAsCode:masterfrom
jan-cerny:grub2_bootloader_argument

Conversation

@jan-cerny
Copy link
Copy Markdown
Collaborator

@jan-cerny jan-cerny commented Sep 30, 2025

This commit changes the Ansible remediation in the grub2_bootloader_argument template to become idempotent.

Resolves: https://issues.redhat.com/browse/OPENSCAP-6256

Review Hints:

  • ./build_product --playbook-per-rule rhel9
  • manually replace hosts by hosts: all in build/rhel9/playbooks/all/grub2_nousb_argument.yml
  • run ansible-playbook -u root -i YOUR_IP, build/rhel9/playbooks/all/grub2_nousb_argument.yml at least twice and compare the output of the first run with the second run and so on, verify that the second and next runs don't change anything and that the output contains only "ok" or "skipping"
  • apart from that, run automatus Tss with --remediate-using ansible

@jan-cerny jan-cerny added this to the 0.1.79 milestone Sep 30, 2025
@jan-cerny jan-cerny added the Ansible Ansible remediation update. label Sep 30, 2025
@Mab879 Mab879 self-assigned this Sep 30, 2025
@ggbecker
Copy link
Copy Markdown
Member

ggbecker commented Oct 1, 2025

Please rebase on top of the latest main branch as #13961 got merged and fixed the problem with the testing farm tests.

@jan-cerny
Make Ansible in GRUB rules idempotent
4658b62 
This commit changes the Ansible remediation in the
grub2_bootloader_argument template to become idempotent.

Resolves: https://issues.redhat.com/browse/OPENSCAP-6256
@jan-cerny jan-cerny force-pushed the grub2_bootloader_argument branch from f2036ad to 4658b62 Compare October 1, 2025 11:34
@jan-cerny
Copy link
Copy Markdown
Collaborator Author

jan-cerny commented Oct 1, 2025

I have rebased this PR on the top of the latest upstream master branch.

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Oct 1, 2025

@jan-cerny: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-openshift-node-compliance 4658b62 link true /test e2e-aws-openshift-node-compliance
ci/prow/e2e-aws-openshift-platform-compliance 4658b62 link true /test e2e-aws-openshift-platform-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Mab879 Mab879 merged commit cccef24 into ComplianceAsCode:master Oct 2, 2025
134 of 138 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mab879 Mab879 Mab879 approved these changes

Assignees

@Mab879 Mab879

Labels

Ansible Ansible remediation update.

Projects

None yet

Milestone

0.1.79

Development

Successfully merging this pull request may close these issues.

3 participants

@jan-cerny @ggbecker @Mab879