[Ci-users] Ansible Update from 1.9.6 -> 2.X

Wed Jan 25 19:16:02 UTC 2017
Laurențiu Păncescu <lpancescu at gmail.com>

I'm not using Ansible inside CI yet, but I remember having had to adapt
some 1.9 playbooks for 2.x. [1]

Perhaps also worth mentioning, Ansible 2.2.1.0 fixed CVE-2016-9587,
CVE-2016-8647, CVE-2016-9587 and CVE-2016-8647 (the first is about a
compromised remote system being able to run commands on the Ansible
controller - I think 1.9 is also vulnerable [2]). Unless we can afford to
quickly backport such security fixes, wouldn't it be better to use the EPEL
version everywhere inside CentOS?

Regards,
Laurențiu

[1] https://docs.ansible.com/ansible/porting_guide_2.0.html
[2] https://lwn.net/Articles/711357/

On Wed, Jan 25, 2017 at 7:49 PM, David Moreau Simard <dms at redhat.com> wrote:

> Worth mentioning that 1.9.x and 2.0.x are officially unsupported and
> unmaintained [1].
>
> [1]: https://groups.google.com/forum/#!topic/ansible-devel/6-6FdxZ94kc
>
> David Moreau Simard
> Senior Software Engineer | Openstack RDO
>
> dmsimard = [irc, github, twitter]
>
>
> On Wed, Jan 25, 2017 at 12:07 PM, Brian Stinson <brian at bstinson.com>
> wrote:
> > Hi Folks,
> >
> > We've been shipping Ansible 1.9.x on the slaves for a while now. Do any
> > of you have use-cases to stay pinned to such an old version?
> >
> > We'd like to update at least to the 2.1 branch (2.2 has some
> > templating/variable-quoting gotchas) in the near future.
> >
> > Questions, comments?
> >
> > --Brian
> >
> > _______________________________________________
> > Ci-users mailing list
> > Ci-users at centos.org
> > https://lists.centos.org/mailman/listinfo/ci-users
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20170125/bb808059/attachment-0005.html>