Remove sysctl cookbook dependency and use new native sysctl resource #228
Conversation
|
@josqu4red thanks for this PR! We had already a discussion about this topic and decided to keep sysctl as we wanted to keep Chef 13 support for a while. If I take a look to the support RFC, it looks like we can drop the Chef 13 support as 6 months are more or less over. @chris-rock what do you think? |
metadata.rb
Outdated
| @@ -22,9 +22,9 @@ | |||
| license 'Apache-2.0' | |||
| description 'Installs and configures operating system hardening' | |||
| long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | |||
| version '3.1.0' | |||
| version '4.0.0' | |||
There was a problem hiding this comment.
can you please remove the version bump, it will be done by us during the release. Thanks!
|
I like the simplicity, on the other hand a lot of users still use Chef 13. Making it part of the next major release sounds right to me. Therefore Chef 13 user could use the older version of the cookbook. |
|
@chris-rock then lets prepare this and keep it open for a while. |
|
Hi maintainers, thanks for the feedback - and the fine cookbook. Version bump removed as requested. |
|
On the native On a system with lets say IPv6 disabled, the IPv6 sysctls will trigger a chef run failure where they previously didn't. |
|
@bdwyertech |
|
No. The inbuilt sysctl param defaults to true. You're looking at the wrong
source, sysctl is part of chef core now and it overrides that.
Just try running with chef 14.7.17 or 15 and you'll see.
On Wed, Dec 5, 2018, 8:29 AM Jo² ***@***.***> wrote:
@bdwyertech <https://github.com/bdwyertech> ignore_error attribute is set
to false (default
<https://github.com/sous-chefs/sysctl/blob/master/resources/param.rb#L21>)
in the current implementation
<https://github.com/dev-sec/chef-os-hardening/blob/master/recipes/sysctl.rb#L133>,
so I don't believe behavior will change here.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#228 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AC1eWcvqClYdesxnOEUuDmtJHkHClFLfks5u18opgaJpZM4XXolz>
.
--
Sent from my rotary phone... Please forgive typos!
|
|
I would like to merge this in the next days and create a new major release, @josqu4red can you please rebase it on the latest master and add a sign-off to make the DCO checker happy? |
Signed-off-by: Jonathan Amiez <[email protected]>
|
@artem-sidorenko here you go |
|
@josqu4red many thanks! There are some changed needed in the unit/spec tests, would you like to fix them? If not, I would like to do that in this PR and place my commit on top of yours, what do you think? |
|
@artem-sidorenko sorry, I didn't check the tests as my change is so small. Feel free to add commits if you want to move on quickly with this. |
Signed-off-by: Artem Sidorenko <[email protected]>
|
This should have ignore_error set to true to accommodate things that may not exist (e.g. IPv6) I see theres an attrib to flag ipv6 support not but I believe theres another one or two that sometimes do not exist.... Will try again with latest and see if that still holds true. |
Sysctl cookbook is deprecated and resource has been integrated to Chef as of 14.0.