DAOSGCP-180 Merge develop to main (#88)

* DAOSGCP-178 Fixes for ansible changes in EPEL (#85) Recent changes require ansible to be installed with the ansible-core package. That package now uses Python 3.11. * DAOSGCP-189 Added security.md (#86) Add required security.md file * DAOSGCP-190 Ensure realpath is not used on non-existent dirs (#87) Fixed an issue that caused scripts to fail when running from a fresh clone of the repo. Signed-off-by: Mark Olson <115657904+mark-olson@users.noreply.github.com>
daos-stack · Jun 23, 2023 · cdc19c0 · cdc19c0
1 parent c52ab4e
commit cdc19c0
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 16 deletions.
diff --git a/images/ansible_playbooks/tune.yml b/images/ansible_playbooks/tune.yml
@@ -57,8 +57,6 @@
         - { limit_type: "-", limit_item: "rtprio", value: unlimited }
 
     - name: Disable SELinux service
-      vars:
-        ansible_python_interpreter: /usr/bin/python3
       ansible.posix.selinux:
         state: disabled
       register: disablingSE

diff --git a/images/daos.pkr.hcl b/images/daos.pkr.hcl
@@ -135,17 +135,27 @@ build {
     execute_command = "echo 'packer' | sudo -S env {{ .Vars }} {{ .Path }}"
     inline = [
       "dnf -y install epel-release",
-      "dnf -y install ansible"
+      "dnf -y install python3.11 python3.11-pip ansible-core",
+      "alternatives --set python3 /usr/bin/python3.11"
+    ]
+  }
+
+  provisioner "shell" {
+    inline = [
+      "ansible-galaxy collection install ansible.posix",
+      "ansible-galaxy collection install community.general"
     ]
   }
 
   provisioner "ansible-local" {
-    playbook_file = "./ansible_playbooks/tune.yml"
+    playbook_file   = "./ansible_playbooks/tune.yml"
+    extra_arguments = ["--user", "root"]
   }
 
   provisioner "ansible-local" {
     playbook_file = "./ansible_playbooks/daos.yml"
     extra_arguments = [
+      "--user", "root",
       "--extra-vars",
       "\"daos_version=${var.daos_version} daos_repo_base_url=${var.daos_repo_base_url} daos_packages_repo_file=${var.daos_packages_repo_file} daos_install_type=${var.daos_install_type}\""
     ]

diff --git a/security.md b/security.md
@@ -0,0 +1,6 @@
+# Security Policy
+Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. 
+
+## Reporting a Vulnerability
+Please report any security vulnerabilities in this project [utilizing the guidelines here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).
+
diff --git a/terraform/examples/io500/bin/get_io500_result_data.sh b/terraform/examples/io500/bin/get_io500_result_data.sh
@@ -31,9 +31,10 @@ set -eo pipefail
 trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR
 
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
-LOCAL_RESULTS_DIR=$(realpath "${SCRIPT_DIR}/../results")
-TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp")
-ACTIVE_CONFIG="${SCRIPT_DIR}/../config/active_config.sh"
+TF_DIR="$(realpath "${SCRIPT_DIR}/../")"
+LOCAL_RESULTS_DIR="${TF_DIR}/results"
+TMP_DIR="${TF_DIR}/.tmp"
+ACTIVE_CONFIG="${TF_DIR}/config/active_config.sh"
 
 # shellcheck disable=SC2034
 source "${SCRIPT_DIR}/_log.sh"
@@ -52,7 +53,7 @@ load_active_config() {
 }
 
 get_first_client_ip() {
-  FIRST_CLIENT_IP=$(grep ssh "${SCRIPT_DIR}/login.sh" | awk '{print $4}')
+  FIRST_CLIENT_IP="$(grep ssh "${SCRIPT_DIR}/login.sh" | awk '{print $4}')"
   log.debug "FIRST_CLIENT_IP=${FIRST_CLIENT_IP}"
 }
 

diff --git a/terraform/examples/io500/bin/start.sh b/terraform/examples/io500/bin/start.sh
@@ -28,13 +28,13 @@ trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR
 
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
 SCRIPT_FILENAME=$(basename "${BASH_SOURCE[0]}")
-TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp")
+TF_DIR="$(realpath "${SCRIPT_DIR}/../")"
+IMAGES_DIR="${TF_DIR}/images"
+CLIENT_FILES_DIR="${TF_DIR}/client_files"
+TMP_DIR="${TF_DIR}/.tmp"
 SSH_CONFIG_FILE="${TMP_DIR}/ssh_config"
-TF_DIR=$(realpath "${SCRIPT_DIR}/../")
-IMAGES_DIR=$(realpath "${SCRIPT_DIR}/../images")
-CLIENT_FILES_DIR=$(realpath "${SCRIPT_DIR}/../client_files")
+CONFIG_DIR="${TF_DIR}/config"
 
-CONFIG_DIR=$(realpath "${SCRIPT_DIR}/../config")
 DEFAULT_CONFIG_FILE="GCP-1C-1S8d-rf0.sh"
 : "${CONFIG_FILE:="${DEFAULT_CONFIG_FILE}"}"
 

diff --git a/terraform/examples/io500/bin/stop.sh b/terraform/examples/io500/bin/stop.sh
@@ -17,10 +17,11 @@ set -eo pipefail
 trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR
 
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
-TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp")
 TF_DIR=$(realpath "${SCRIPT_DIR}/../")
-CLIENT_FILES_DIR=$(realpath "${SCRIPT_DIR}/../client_files")
-CONFIG_DIR=$(realpath "${SCRIPT_DIR}/../config")
+TMP_DIR="${TF_DIR}/.tmp"
+
+CLIENT_FILES_DIR="${TF_DIR}/client_files"
+CONFIG_DIR="${TF_DIR}/config"
 ACTIVE_CONFIG_SYMLINK="${CONFIG_DIR}/active_config.sh"
 
 # shellcheck source=_log.sh