run validate automatically when running install-rpms task

Author: sjpb

ansible/roles/cve-2023-41914/README.md

@@ -18,17 +18,13 @@ This role can be run in two ways:
 
     **NB**: This playbook will ALWAYS stop and restart Slurm, even if no updates are actually required.
 
-2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/validate.yml` then `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
+2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
 
 ```yaml
 - hosts: builder
   gather_facts: no
   become: yes
   tasks:
-    - name: Check fixes for cve-2023-41914 can be applied
-      import_role:
-        name: cve-2023-41914
-        tasks_from: validate.yml
     - name: Apply fixes for cve-2023-41914
       import_role:
         name: cve-2023-41914

ansible/roles/cve-2023-41914/tasks/install-rpms.yml

@@ -1,3 +1,7 @@
+- name: Validate suitability
+  include_tasks: validate.yml
+  when: _cve_2023_41814_installed_pkgs is undefined
+
 - name: Identify packages to update
   set_fact:
     _cve_2023_41814_updates: "{{ _cve_2023_41814_updates + [item] }}"

environments/.stackhpc/hooks/post.yml

@@ -2,10 +2,6 @@
   gather_facts: no
   become: yes
   tasks:
-    - name: Check fixes for cve-2023-41914 can be applied
-      import_role:
-        name: cve-2023-41914
-        tasks_from: validate.yml
     - name: Apply fixes for cve-2023-41914
       import_role:
         name: cve-2023-41914