1. photon
  2. SPECS
  3. stig-hardening
  4. 0002-adding-separate-task-to-copy-sysctl-tmpl.patch
Raw Blame History 
From 8d6e43affae891a77a147467d0a3676987cf3388 Mon Sep 17 00:00:00 2001
From: "rlakey@vmware.com" <rlakey@vmware.com>
Date: Tue, 3 Oct 2023 15:17:54 -0600
Subject: [PATCH 2/3] adding separate task to copy sysctl tmpl

---
 tasks/main.yml                   |  9 +++++++++
 tasks/photon-installer.yml       | 14 ++++++++++++++
 templates/zz-stig-hardening.conf |  0
 3 files changed, 23 insertions(+)
 create mode 100644 tasks/photon-installer.yml
 create mode 100644 templates/zz-stig-hardening.conf

diff --git a/tasks/main.yml b/tasks/main.yml
index 848f483..16b71f1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -7,3 +7,12 @@
         - photon
   tags:
     - always
+
+- name: Include Photon Installer Tasks
+  ansible.builtin.include_tasks:
+    file: photon-installer.yml
+    apply:
+      tags:
+        - photon-installer
+  when:
+    - ansible_is_chroot | bool
diff --git a/tasks/photon-installer.yml b/tasks/photon-installer.yml
new file mode 100644
index 0000000..143794e
--- /dev/null
+++ b/tasks/photon-installer.yml
@@ -0,0 +1,14 @@
+---
+## Tasks specific to running playbook when ran against a chroot install of Photon
+
+###################################################################################################################################
+- name: Copy sysctl kernel parameters template
+  block:
+    - name: Copy zz-stig-hardening.conf template
+      ansible.builtin.template:
+        src: zz-stig-hardening.conf
+        dest: '{{ var_sysctl_conf_file }}'
+        owner: root
+        group: root
+        mode: '0640'
+        force: true
diff --git a/templates/zz-stig-hardening.conf b/templates/zz-stig-hardening.conf
new file mode 100644
index 0000000..e69de29
-- 
2.34.1