Use standard check for systemd

This patch brings the security role in-line with other OSA roles in the method they use to check for systemd. Change-Id: Id84d0c606a0323e4357d227d50e29dea1af2949d
2016-06-14 07:44:48 -05:00 · 2016-06-14 07:44:48 -05:00 · ba256815a3
commit ba256815a3
parent 83ec9ae775
1 changed files with 17 additions and 8 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -24,23 +24,32 @@
    tags:
      - always

-  - name: Check if we're in check/audit mode
-    command: /bin/true
-    register: noop_result
+  # NOTE(major): This task differs from other OSA roles because it has
+  # "always_run" set. This is required for check/audit mode to operate
+  # properly.
+  - name: Check init system
+    command: cat /proc/1/comm
+    register: _pid1_name
+    always_run: True
    tags:
      - always

-  - name: Check to see if systemd is in use
-    command: systemctl status
-    register: systemd_check
-    failed_when: False
+  - name: Set the name of pid1
+    set_fact:
+      pid1_name: "{{ _pid1_name.stdout }}"
+    tags:
+      - always
+
+  - name: Check for check/audit mode
+    command: /bin/true
+    register: noop_result
    tags:
      - always

  - name: Set facts
    set_fact:
      check_mode: "{{ noop_result | skipped }}"
-      systemd_running: "{{ systemd_check | success }}"
+      systemd_running: "{{ pid1_name == 'systemd' }}"
      linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
    tags:
      - always