Remove old /etc/profile config block

When the openstack-ansible-security role became ansible-hardening, a new config block was added to `/etc/profile` without removing the original one with the openstack-ansible-security markers. This causes errors on the command prompt since `TMOUT` is defined twice. This patch removes the old config block using blockinfile. Closes-Bug: 1736702 Change-Id: I2768182f5dde3368028a1a25af69db6ac7a75d9b
2017-12-12 11:03:42 -06:00 · 2017-12-12 11:03:42 -06:00 · c8a59a1c9a
parent a0810a9ca1
commit c8a59a1c9a
1 changed files with 17 additions and 0 deletions
--- a/tasks/rhel7stig/misc.yml
+++ b/tasks/rhel7stig/misc.yml
@ -207,9 +207,26 @@
    - misc
    - V-72213

+# NOTE(mhayden): This role changed names and this task ensures that the old
+# configuration block is properly removed. Without this task, /etc/profile
+# will have two config blocks that set the same variable and this leads to
+# errors on the command prompt. See LP bug 1736702.
+# TODO(mhayden): Remove this task when the Rocky release is in development.
+- name: Remove old config block for V-72223 from openstack-ansible-security
+  blockinfile:
+    dest: /etc/profile
+    state: absent
+    insertbefore: EOF
+    marker: "# {mark} MANAGED BY OPENSTACK-ANSIBLE-SECURITY"
+  tags:
+    - medium
+    - misc
+    - V-72223
+
 - name: V-72223 - Set 10 minute timeout on communication sessions
  blockinfile:
    dest: /etc/profile
+    state: present
    insertbefore: EOF
    marker: "# {mark} MANAGED BY ANSIBLE-HARDENING"
    block: |