Splits STIG yum add/removes

In order to prevent RPM database corruption on the target hosts, this change splits the STIG yum add/remove tasks into two separate plays. Change-Id: I68751339d5b4cbfb61b8e3cf4ffbfeb47ea5fd76 Closes-Bug: #1851954
2019-11-09 11:33:07 -08:00 · 2019-11-09 11:33:07 -08:00 · 8db1a33cbf
parent 696a556aec
commit 8db1a33cbf
1 changed files with 23 additions and 2 deletions
--- a/tasks/rhel7stig/packages.yml
+++ b/tasks/rhel7stig/packages.yml
@ -13,12 +13,33 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Add or remove packages based on STIG requirements
+- name: Add packages based on STIG requirements
  package:
    name: "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', item) | sum(attribute='packages', start=[]) }}"
    state: "{{ item }}"
  with_items:
-    - "{{ stig_packages_rhel7 | selectattr('enabled') | map(attribute='state') | unique | list }}"
+    - "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', 'present') | map(attribute='state') | unique | list }}"
+  tags:
+    - cat1
+    - auth
+    - packages
+    - services
+    - V-71897
+    - V-71967
+    - V-71969
+    - V-72067
+    - V-72077
+    - V-72213
+    - V-72233
+    - V-72301
+    - V-72307
+
+- name: Remove packages based on STIG requirements
+  package:
+    name: "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', item) | sum(attribute='packages', start=[]) }}"
+    state: "{{ item }}"
+  with_items:
+    - "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', 'absent') | map(attribute='state') | unique | list }}"
  tags:
    - cat1
    - auth