Merge pull request #214 from ansible-lockdown/boot_part

Boot part variable
ansible-lockdown · Jul 18, 2023 · 5d0e614 · 5d0e614
2 parents 27c2a31 + 4f8b3aa
commit 5d0e614
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 13 deletions.
diff --git a/ansible.cfg b/ansible.cfg
@@ -7,7 +7,7 @@ nocows=1
 retry_files_save_path=/dev/null
 
 # Use the YAML callback plugin.
-stdout_callback = yaml
+# stdout_callback = yaml
 # Use the stdout_callback when running ad-hoc commands.
 bin_ansible_callbacks = True
 

diff --git a/tasks/fix-cat1.yml b/tasks/fix-cat1.yml
@@ -93,13 +93,13 @@
         with_items:
             - "{{ ansible_mounts | json_query(query) }}"
         vars:
-            query: "[?mount=='{{ rhel8stig_boot_part }}'] | [0]"
+            query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'] | [0]"
             key: GRUB_CMDLINE_LINUX
             param: boot
             value: UUID={{ item.uuid }}
             insert: true
         when:
-            - rhel8stig_boot_part not in ['/', '']
+            - rhel8stig_boot_part.stdout not in ['/', '']
             - not ansible_check_mode or
               rhel_08_010020_default_grub_missing_audit is not changed
         notify: confirm grub2 user cfg
@@ -112,12 +112,12 @@
             - fips=1
             - boot=UUID={{ ansible_mounts | json_query(query) }}
         vars:
-            query: "[?mount=='{{ rhel8stig_boot_part }}'].uuid | [0]"
+            query: "[?mount=='{{ rhel8stig_boot_part.stdout }}'].uuid | [0]"
         register: rhel_08_010020_audit
         when:
             - not ansible_check_mode or
               rhel_08_010020_default_grub_missing_audit is not changed
-            - "rhel8stig_boot_part not in ['/', ''] or
+            - "rhel8stig_boot_part.stdout not in ['/', ''] or
               'boot=' not in item"
         changed_when:
             - ansible_check_mode

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -175,9 +175,7 @@
       - change_requires_reboot
       - not rhel8stig_skip_reboot
   tags:
-      - CAT1
-      - CAT2
-      - CAT3
+      - always
 
 - name: Include post-remediation tasks
   ansible.builtin.import_tasks: post_remediation_audit.yml
@@ -200,6 +198,4 @@
       - change_requires_reboot
       - rhel8stig_skip_reboot
   tags:
-      - CAT1
-      - CAT2
-      - CAT3
+      - always
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
@@ -3,10 +3,10 @@
 - name: "PRELIM | RHEL-08-010020"
   block:
       - name: "PRELIM | RHEL-08-010020 | Check if /boot or /boot/efi reside on separate partitions"
-        ansible.builtin.shell: df --ouAtput=target /boot | tail -n 1
+        ansible.builtin.shell: df --output=target /boot | tail -n 1
         changed_when: false
         check_mode: false
-        register: rhel_08_boot_part
+        register: rhel8stig_boot_part
 
       - name: "PRELIM | RHEL-08-010020 | crypto-policies-scripts package for FIPS"
         ansible.builtin.package: