simplify cve_2023_41914_rpms

sjpb · sjpb · commit fe6ebaa70385 · 2023-10-20T13:51:36.000Z
diff --git a/ansible/roles/cve-2023-41914/defaults/main.yml b/ansible/roles/cve-2023-41914/defaults/main.yml
@@ -2,22 +2,23 @@
 # _cve_2023_41814_installed_slurm: []
 cve_2023_41914_mysql_backup_path: "{{ mysql_datadir }}-backups/{{ lookup('pipe', 'date --iso-8601=seconds') }}.sql"
 
-# slurm-contribs-ohpc-22.05.10-2.1.ohpc.2.6.2.x86_64.rpm
 cve_2023_41914_rpm_url: http://obs.openhpc.community:82/OpenHPC:/2.6.2:/Factory/EL_8/x86_64
 cve_2023_41914_rpms: # see cve_2023_41914_rpm_url
-  slurm-ohpc: ['22.05.10', 2.1.ohpc.2.6.2] # has to be first as dependency
-  slurm-contribs-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-devel-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-example-configs-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-libpmi-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-ohpc-slurmrestd: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-openlava-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-pam_slurm-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-perlapi-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-slurmctld-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-slurmd-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-slurmdbd-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-sview-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
-  slurm-torque-ohpc: ['22.05.10', '2.1.ohpc.2.6.2']
+  - slurm-ohpc # has to be first as dependency
+  - slurm-contribs-ohpc
+  - slurm-devel-ohpc
+  - slurm-example-configs-ohpc
+  - slurm-libpmi-ohpc
+  - slurm-ohpc-slurmrestd
+  - slurm-openlava-ohpc
+  - slurm-pam_slurm-ohpc
+  - slurm-perlapi-ohpc
+  - slurm-slurmctld-ohpc
+  - slurm-slurmd-ohpc
+  - slurm-slurmdbd-ohpc
+  - slurm-sview-ohpc
+  - slurm-torque-ohpc
+cve_2023_41914_rpm_fix_ver: '22.05.10'
+cve_2023_41914_rpm_fix_release: '2.1.ohpc.2.6.2'
 _cve_2023_41814_updates: []
 cve_2023_41914_pkglist_path: "{{ appliances_environment_root }}/{{ inventory_hostname }}-cve_2023_41814_updates"
diff --git a/ansible/roles/cve-2023-41914/tasks/install-rpms.yml b/ansible/roles/cve-2023-41914/tasks/install-rpms.yml
@@ -1,12 +1,10 @@
 - name: Identify packages to update
   set_fact:
-    _cve_2023_41814_updates: "{{ _cve_2023_41814_updates + [item.key] }}"
-  loop: "{{ cve_2023_41914_rpms | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
+    _cve_2023_41814_updates: "{{ _cve_2023_41814_updates + [item] }}"
+  loop: "{{ cve_2023_41914_rpms }}"
   when:
-    - item.key in ansible_facts.packages
-    - item.value[0] is version(ansible_facts.packages[item.key][0].version, '>')
+    - item in ansible_facts.packages
+    - cve_2023_41914_rpm_fix_ver is version(ansible_facts.packages[item][0].version, '>')
 
 - name: Write packages to be modified to a file
   # allows recovery from failures in subsequent package deletion/rpm install
@@ -31,7 +29,7 @@
 
 - name: Install rpms
   dnf:
-    name: "{{ cve_2023_41914_rpm_url }}/{{ item }}-{{ cve_2023_41914_rpms[item] | join('-') }}.{{ ansible_architecture }}.rpm"
+    name: "{{ cve_2023_41914_rpm_url }}/{{ item }}-{{ cve_2023_41914_rpm_fix_ver }}-{{ cve_2023_41914_rpm_fix_release }}.{{ ansible_architecture }}.rpm"
   loop: "{{ _cve_2023_41814_updates }}"
   register: _cve_2023_41814_rpm_installs
 
