a64c833a71
The current behavior of the hardening role is to install the epel-release package on all deployments. This patch changes the logic to only install the EPEL repository if the deployer has asked for ClamAV to be installed. The patch also provides an option to disable the installation of EPEL entirely using a variable. Closes-Bug: 1702167 Change-Id: I9c5e6048f95636faf2a6d71ac9217ba69ca41296
17 lines
707 B
YAML
17 lines
707 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The EPEL repository is only installed and configured when the deployer sets
|
|
``security_enable_virus_scanner`` to ``yes``. This allows the ClamAV
|
|
packages to be installed. If ``security_enable_virus_scanner`` is set to
|
|
``no`` (the default), the EPEL repository will not be added.
|
|
|
|
See
|
|
`Bug 1702167 <https://bugs.launchpad.net/openstack-ansible/+bug/1702167>`_
|
|
for more details.
|
|
- |
|
|
Deployers now have the option to prevent the EPEL repository from being
|
|
installed by the role. Setting ``security_epel_install_repository`` to
|
|
``no`` prevents EPEL from being installed. This setting may prevent certain
|
|
packages from installing, such as ClamAV.
|