ci/dockerfiles/ansible*.Dockerfile: Add yum update instruction #1979

wanderboessenkool

  • Add a 'yum -y update' command in the sequence with other yum commands
    to get rid of the security vulnerabilities as reported by quay.io (and
    other scanners).

Description of the change:
This PR adds a yum update command to the Dockerfile for the ansible images

Motivation for the change:
Currently, images built and pushed to quay.io report a number of vulnerabilities, fixable by updating their packages.
Operators built on these images might be rejected by the security scanning mechanisms in place at different deployments.

@openshift-ci-robot openshift-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 26, 2019
@openshift-ci-robot

Hi @wanderboessenkool. Thanks for your PR.

I'm waiting for an operator-framework or openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@camilamacedo86
Contributor

Hi @wanderboessenkool,

Thank you very much for your contribution. 🥇
Actually, more files would need to be updated as well, as follows.

  • ci/dockerfiles/ansible-e2e-hybrid.Dockerfile
  • ci/dockerfiles/ansible.Dockerfile
  • internal/pkg/scaffold/ansible/build_test_framework_dockerfile.go
  • internal/pkg/scaffold/ansible/dockerfilehybrid.go

However, we have a PR which will update the images, so in order to try to make it easier I added your request to it as well. See #1947.

I hope that you do not mind closing this one and following up on your request in #1947. So, I am closing it; however, please feel free to re-open it if you wish.
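
A lint for the change requested in this PR, as an added example that is not part of the thread or the project's code: it reports each `RUN` instruction that calls `yum install` without a `yum update` in the same instruction. The sample Dockerfiles, base image and package name are constructed, and treating "same `RUN` instruction" as the rule is an assumption.

```python
import re
import sys

# Constructed samples (not the project's Dockerfiles); the base image and
# package name are placeholders.
BEFORE = """\
FROM example/base:latest
RUN yum install -y python3 \\
 && yum clean all
"""
AFTER = """\
FROM example/base:latest
RUN yum -y update \\
 && yum install -y python3 \\
 && yum clean all
"""

def run_instructions(text):
    # Yield (first_line_number, shell_command) for every RUN instruction,
    # joining backslash continuations and skipping comment and blank lines.
    buf, start = "", 0
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if not buf:
            start = n
        buf += " " + s.rstrip("\\")
        if s.endswith("\\"):
            continue
        if buf.lstrip().upper().startswith("RUN "):
            yield start, buf.strip()[4:].strip()
        buf = ""

def yum_subcommands(command):
    # First non-option word after "yum" in each chained shell command.
    subs = []
    for part in re.split(r"&&|\|\||;", command):
        tokens = part.split()
        if tokens and tokens[0] == "yum":
            subs += [t for t in tokens[1:] if not t.startswith("-")][:1]
    return subs

def missing_update(text):
    # Line numbers of RUN instructions that install packages but never update.
    return [n for n, cmd in run_instructions(text)
            if "install" in (s := yum_subcommands(cmd))
            and not {"update", "upgrade"} & set(s)]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as fh:
            for n in missing_update(fh.read()):
                print(f"{path}:{n}: yum install without yum update")
```

Passing Dockerfile paths as arguments prints one finding per offending `RUN` line; a `yum` option that takes a separate argument (such as `-c file`) is not handled by this simple tokenizer.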

@wanderboessenkool wanderboessenkool deleted the yum-update-fix branch September 26, 2019 20:54
@camilamacedo86 camilamacedo86 self-assigned this Sep 26, 2019
camilamacedo86 added a commit that referenced this pull request Sep 27, 2019
Upgrade Ansible based images (python and its lib as ansible and molecule)

* Download and install the inotify-tools which is no longer available in the ubi8//epel-release-latest-8
* use pip3 in all places
* changes in the ci/travis in order to work with python3
* adjust pip and python to work in ubi7
* increase the timeout to check the reconcile ( 2m for reconciliation to run )
* upgrade ansible and its deps versions
* upgrade to use molecule 2.22
* apply to make generated inventory define implicit localhost #1828
* add ansible_python_interpreter=/usr/bin/python3 in host inventory
* solve ansible [WARNING]: The value 8443 (type int)
* improve test names in order to be able to identify them
* add interpreter in the py file (plugin filter)
* add host var for all hosts in the molecule inventory
* add yum update to address request made in the pr #1979
* using ansible as ~=2.8