From 04a2a02ff4022ac91c0f4cf6294e1652d3f4feeb Mon Sep 17 00:00:00 2001
From: rchikov
Date: Mon, 4 Mar 2024 13:45:00 +0100
Subject: [PATCH 1/3] Changes in template service_disabled - ansible part
---
 shared/templates/service_disabled/ansible.template | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template
index 36a954804f3..d6e0681747b 100644
--- a/shared/templates/service_disabled/ansible.template
+++ b/shared/templates/service_disabled/ansible.template
@@ -11,9 +11,10 @@
 - name: Disable service {{{ SERVICENAME }}}
 systemd:
 name: "{{{ DAEMONNAME }}}.service"
- enabled: "no"
+ enabled: false
 state: "stopped"
- masked: "yes"
+ masked: true
+ when: ansible_facts.services["{{{ DAEMONNAME }}}.service"] is defined
 rescue:
 - name: "Intentionally ignored previous 'Disable service {{{ SERVICENAME }}}' failure, service was already disabled"
 meta: noop
@@ -28,9 +29,9 @@
 - name: Disable socket {{{ SERVICENAME }}}
 systemd:
 name: "{{{ DAEMONNAME }}}.socket"
- enabled: "no"
+ enabled: false
 state: "stopped"
- masked: "yes"
+ masked: true
 when: 'socket_file_exists.stdout_lines is search("{{{ DAEMONNAME }}}.socket",multiline=True)'
 {{%- else %}}
 JINJA TEMPLATE ERROR: Unknown init system '{{{ init_system }}}'
From d3dd3efdf8e4fa95fa05c2b7c1197cd247ed2237 Mon Sep 17 00:00:00 2001
From: rchikov
Date: Wed, 6 Mar 2024 13:14:07 +0100
Subject: [PATCH 2/3] Updates in ansible part from service_dsabled template
---
 .../service_disabled/ansible.template | 38 ++++++++++---------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template
index d6e0681747b..979df4c5ab4 100644
--- a/shared/templates/service_disabled/ansible.template
+++ b/shared/templates/service_disabled/ansible.template
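Review bot: In the first hunk of PATCH 1/3 (`@@ -11,9 +11,10 @@`), the added `when: ansible_facts.services["{{{ DAEMONNAME }}}.service"] is defined` depends on `ansible_facts.services`, which is only populated by the `service_facts` module, and no task gathering those facts is visible in this hunk. If the facts are absent the condition cannot be true, and because the task sits in a block whose `rescue` ignores the failure, the service would presumably stay enabled while the play reports nothing wrong. Consider a preceding task that runs `ansible.builtin.service_facts:`, or a comment stating where the facts are gathered. The enclosing block starts above the hunk, so this may already be handled there.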
@@ -3,35 +3,37 @@
 # strategy = disable
 # complexity = low
 # disruption = low
+
 {{%- if init_system == "systemd" %}}
-- name: Block Disable service {{{ SERVICENAME }}}
- block:
- - name: Disable service {{{ SERVICENAME }}}
- block:
- - name: Disable service {{{ SERVICENAME }}}
- systemd:
- name: "{{{ DAEMONNAME }}}.service"
- enabled: false
- state: "stopped"
- masked: true
- when: ansible_facts.services["{{{ DAEMONNAME }}}.service"] is defined
- rescue:
- - name: "Intentionally ignored previous 'Disable service {{{ SERVICENAME }}}' failure, service was already disabled"
- meta: noop
+
+- name: "{{{ rule_title }}} - Collect systemd Services Present in the System"
+ command: systemctl -q list-unit-files --type service
+ register: service_exists
+ changed_when: false
+ failed_when: service_exists.rc not in [0, 1]
+ check_mode: false
+
+- name: '{{{ rule_title }}} - Ensure "{{{ DAEMONNAME }}}.service" is Masked'
+ ansible.builtin.systemd:
+ name: "{{{ DAEMONNAME }}}.service"
+ state: "stopped"
+ enabled: false
+ masked: true
+ when: 'service_exists.stdout_lines is search("{{{ SERVICENAME }}}.service",multiline=True)'
 - name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket"
 command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket
 register: socket_file_exists
- changed_when: False
+ changed_when: false
 failed_when: socket_file_exists.rc not in [0, 1]
- check_mode: False
+ check_mode: false
 - name: Disable socket {{{ SERVICENAME }}}
 systemd:
 name: "{{{ DAEMONNAME }}}.socket"
- enabled: false
+ enabled: "no"
 state: "stopped"
- masked: true
+ masked: "yes"
 when: 'socket_file_exists.stdout_lines is search("{{{ DAEMONNAME }}}.socket",multiline=True)'
 {{%- else %}}
 JINJA TEMPLATE ERROR: Unknown init system '{{{ init_system }}}'
From f00e0ae75a42ec8c540617a0f1b0ff9762d220bc Mon Sep 17 00:00:00 2001
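Review bot: In PATCH 2/3 (`@@ -3,35 +3,37 @@`), the new "Ensure ... is Masked" task stops and masks `{{{ DAEMONNAME }}}.service`, but its `when:` searches the unit list for `{{{ SERVICENAME }}}.service`. For any rule where the two template variables differ, the condition would likely not match the installed unit, so the task is skipped and the service stays enabled while the play still succeeds. The socket task below uses `DAEMONNAME` in both places. Suggest `when: 'service_exists.stdout_lines is search("{{{ DAEMONNAME }}}.service",multiline=True)'`. Separately, this hunk changes the socket task back to `enabled: "no"` / `masked: "yes"`, undoing the booleans from PATCH 1/3; `enabled: false` / `masked: true` would match the service task.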
From: rchikov
Date: Wed, 6 Mar 2024 15:32:18 +0100
Subject: [PATCH 3/3] Small changes in the ansible part of the template service_disabled
---
 shared/templates/service_disabled/ansible.template | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/shared/templates/service_disabled/ansible.template b/shared/templates/service_disabled/ansible.template
index 979df4c5ab4..9edf1b40408 100644
--- a/shared/templates/service_disabled/ansible.template
+++ b/shared/templates/service_disabled/ansible.template
@@ -7,7 +7,7 @@
 {{%- if init_system == "systemd" %}}
 - name: "{{{ rule_title }}} - Collect systemd Services Present in the System"
- command: systemctl -q list-unit-files --type service
+ ansible.builtin.command: systemctl -q list-unit-files --type service
 register: service_exists
 changed_when: false
 failed_when: service_exists.rc not in [0, 1]
 check_mode: false
@@ -22,14 +22,14 @@
 when: 'service_exists.stdout_lines is search("{{{ SERVICENAME }}}.service",multiline=True)'
 - name: "Unit Socket Exists - {{{ DAEMONNAME }}}.socket"
- command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket
+ ansible.builtin.command: systemctl -q list-unit-files {{{ DAEMONNAME }}}.socket
 register: socket_file_exists
 changed_when: false
 failed_when: socket_file_exists.rc not in [0, 1]
 check_mode: false
 - name: Disable socket {{{ SERVICENAME }}}
- systemd:
+ ansible.builtin.systemd:
 name: "{{{ DAEMONNAME }}}.socket"
 enabled: "no"
 state: "stopped"