
Quack, ansible-lint added new checks in 4.3.0 and especially one to detect when you create a file and forget to set permissions. Of course most of the time that's not a big deal but sometimes it can deploy bad permissions or even create security problems. One way to make a deployment is to do it manually and when you found the proper things to do you write the rules, right? One problem is that you might forget a few steps but since it's already manually done it deploys nicely until things change for another reason or you need to redeploy elsewhere or another instance. Another problem are these permissions which mean it's deployed but the service cannot access its files because too restrictive permissions or on the contrary it's too open. So it's better to recycle the VM or test in a container first. Currently we use the packaged version of ansible-lint so you did not see any problem _yet_. I have fixed the rules in all roles and also in the infra repo: https://gerrit.ovirt.org/c/111158/ I'm not pointing at people to blame them, and I am myself responsible for many of these mistakes (look at the history in the community-cage-infra-ansible repo or the roles), but I wanted to make sure we think about these problems and try to do better in the future. And btw I also added a YAMLlint check. Most of the time it's not a big deal but sometimes bad indenting causes bugs, especially inside blocks, or make things hardly readable, so I fixed these problems too. Regards. \_o<
participants (1)
-
Marc Dequènes (Duck)