openstack
/
openstack-ansible-openstack_hosts
Code Issues Proposed changes

Use pam_env for su commands on Centos-9 

See https://access.redhat.com/errata/RHBA-2022:4082

Change-Id: Ibe4ab810ba48c9735af187d39fc34a7451c12d8a
This commit is contained in:
Jonathan Rosser 2022-05-23 16:12:12 +01:00
parent ff61081089
commit cf358f169d
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
tasks/main.yml
View File

@ -52,13 +52,21 @@
tags: tags:
- openstack_hosts-config - openstack_hosts-config
- name: Ensure environement is applied during sudo # NOTE(jrosser) Remove this task when https://access.redhat.com/errata/RHBA-2022:4082
lineinfile: # has a fix merged to Centos-9 as well as RHEL.
path: /etc/pam.d/sudo - name: Ensure environement is applied during su
line: "session required pam_env.so readenv=1 user_readenv=0" community.general.pamd:
regexp: 'session\s+required\s+pam_env\.so' name: su
insertbefore: '^@include' type: auth
when: ansible_facts['distribution'] | lower == 'debian' control: sufficient
module_path: pam_rootok.so
new_type: auth
new_control: required
new_module_path: pam_env.so
state: before
when:
- ansible_facts['distribution'] == 'CentOS'
- ansible_facts['distribution_version'] == '9'
- name: Create systemd global directory - name: Create systemd global directory
file: file: