On Wed, 30 Sep 2015 12:07:07 -0600 Tim Flink <tflink@xxxxxxxxxx> wrote: > On Tue, 29 Sep 2015 08:27:01 -0600 > Tim Flink <tflink@xxxxxxxxxx> wrote: > > > Long story short, when the batcave upgrade happened on Friday we > > found out that rbac_playbook doesn't work on el7 due to an issue > > with nss-altfiles. > > > > I figured out how to sidestep the issue by changing the approach > > that rbac_playbook takes. It used to get all the groups for the user > > running the script and check for an intersection between those > > groups and the required groups for the playbook being run. > > > > The new version looks at the groups required for the playbook being > > run, gathers all the users in those groups and verifies that the > > user running rbac_playbook is in that list before proceeding. > > > > I've included the changes below for security review before updating > > anything on batcave01 > > Thanks for the reviews. Code has been pushed to git, I've built a new > ansible_utils package and put that in the el7 infrastructure repo. I've updated it on batcave. Testing welcome to make sure we are all working. kevin
Attachment:
pgpS0Q77sy25d.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/postorius/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
