bugfix: use full paths for /usr/sbin/named-checkconf and /usr/sbin/rn…

…dc in command and validate, and run ansible cron jobs in a login shell with bash -lc to avoid future PATH surprises
techservicesillinois · Jul 31, 2017 · bdb3287 · bdb3287
1 parent e99f8fa
commit bdb3287
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/modules/rdns-forwarder/roles/rdns-forwarder/handlers/main.yml b/modules/rdns-forwarder/roles/rdns-forwarder/handlers/main.yml
@@ -7,7 +7,7 @@
   notify: _reboot_system
 
 - name: rndc reconfig
-  command: rndc reconfig
+  command: /usr/sbin/rndc reconfig
   when: reboot_flag is undefined
 
 - name: restart named

diff --git a/modules/rdns-forwarder/roles/rdns-forwarder/tasks/main.yml b/modules/rdns-forwarder/roles/rdns-forwarder/tasks/main.yml
@@ -23,7 +23,7 @@
     dest: /etc/named.conf
     src: etc/named.conf.j2
     force: yes
-    validate: named-checkconf %s
+    validate: /usr/sbin/named-checkconf %s
   notify: rndc reconfig
 
 - name: named OPTIONS
@@ -74,14 +74,16 @@
 - name: "cron task: update zone list"
   cron:
     name: update zone list
-    job: "ansible-playbook {{ ansible_pull_directory }}/modules/rdns-forwarder/local.yml --tags=zones > /dev/null"
+    # use an explicit login shell to avoid PATH surprises
+    job: "bash -lc 'ansible-playbook {{ ansible_pull_directory }}/modules/rdns-forwarder/local.yml --tags=zones' > /dev/null"
     minute: "{{ zone_update.minute }}"
 
 # perform a full ansible-pull update (including upstream playbook changes) once per month
 - name: "cron task: ansible-pull"
   cron:
     name: ansible-pull
-    job: "ansible-pull --url={{ ansible_pull_url }} --checkout={{ ansible_pull_checkout }} --directory={{ ansible_pull_directory }} modules/rdns-forwarder/local.yml > /dev/null"
+    # use an explicit login shell to avoid PATH surprises
+    job: "bash -lc 'ansible-pull --url={{ ansible_pull_url }} --checkout={{ ansible_pull_checkout }} --directory={{ ansible_pull_directory }} modules/rdns-forwarder/local.yml' > /dev/null"
     day: "{{ full_update.day }}"
     hour: "{{ full_update.hour }}"
     minute: "{{ full_update.minute }}"

diff --git a/modules/rdns-forwarder/roles/rdns-forwarder/tasks/zones.yml b/modules/rdns-forwarder/roles/rdns-forwarder/tasks/zones.yml
@@ -15,5 +15,5 @@
     dest: /var/named/zones.conf
     src: var/named/zones.conf.j2
     force: yes
-    validate: named-checkconf %s
+    validate: /usr/sbin/named-checkconf %s
   notify: rndc reconfig