What happened to community.general.fapolicyd

I just got permission to use Copilot in my IDE.

To test it I asked it how to update fapolicyd trusts.

It came back with this:

- name: Template Copy | Update fapolicyd trusts for {{ item }}
  community.general.fapolicyd:
    path: "/usr/local/bin/{{ item }}"
    trust_file: "{{ ansible_role_name }}"
    state: present
  when:
    - template_copy.changed
    - '"fapolicyd" in ansible_facts.packages'
  notify: Restart fapolicyd

Wonderful, it can replace my two stanzas:

- name: Template Copy | Remove old trust file entry
  ansible.builtin.lineinfile:
    path: "/etc/fapolicyd/trust.d/{{ ansible_role_name }}"
    state: absent
    regexp: "^/usr/local/bin/{{ item }}"
  when:
  - template_copy.changed
  - '"fapolicyd" in ansible_facts.packages'

- name: Template Copy | Update fapolicyd trusts for {{ item }}
  ansible.builtin.command: /usr/sbin/fapolicyd-cli --file add "/usr/local/bin/{{ item }}" --trust-file "{{ ansible_role_name }}"
  when:
  - template_copy.changed
  - '"fapolicyd" in ansible_facts.packages'
  notify: Restart fapolicyd    # handlers are from fapolicyd role

Except it can’t.

The linux-system-roles aren’t Swiss Army knives (one task and do it well). They are hammers.
I mention this in case the general.fapolicyd was abandoned because of those roles.

The example code sets up fapolicyd and adds some files to a trust (unnamed).

- name: Example fapolicyd role invocation
  hosts: all
  vars:
    fapolicyd_setup_enable_service: true
    fapolicyd_setup_integrity: sha256
    fapolicyd_setup_trust: rpmdb,file
    fapolicyd_add_trusted_file:
      - /etc/passwd
      - /etc/fapolicyd/fapolicyd.conf
      - /etc/krb5.conf
  roles:
    - fapolicyd

I don’t need fapolicyd to be set up; it’s already done.

If it went away, the code should be somewhere.

thanks

Peter
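Added example, not part of the thread and not code from any Ansible collection: the remove-then-add pair from the post done as one idempotent step that reports a change only when the file's size or hash differs. The function names `trust_entry` and `update_trust` are hypothetical, and the code assumes the `path size sha256` line format of files under `/etc/fapolicyd/trust.d/` with the default sha256 integrity setting.

```python
import hashlib
import os
import tempfile

def trust_entry(path):
    """Return '<path> <size> <sha256>' for a file (assumed trust-file line format)."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return f"{path} {size} {digest.hexdigest()}"

def update_trust(trust_file, path):
    """Refresh the entry for `path`; return True only if the file was rewritten."""
    wanted = trust_entry(path)
    try:
        with open(trust_file) as f:
            lines = f.read().splitlines()
    except FileNotFoundError:
        lines = []
    out, found = [], False
    for line in lines:
        # Compare the whole path field, so .../foo never matches .../foobar.
        if line.rsplit(" ", 2)[0] != path:
            out.append(line)
        elif not found:            # replace the first entry in place, drop duplicates
            out.append(wanted)
            found = True
    if not found:
        out.append(wanted)
    if out == lines:
        return False               # unchanged: nothing to notify
    # Write a sibling temp file and rename, so a reader never sees a half-written list.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(trust_file) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(out) + "\n")
    os.chmod(tmp, 0o644)           # mkstemp creates 0600; 0644 is an assumed mode
    os.replace(tmp, trust_file)
    return True

if __name__ == "__main__":
    # Constructed sample: a throwaway directory stands in for /usr/local/bin and trust.d.
    with tempfile.TemporaryDirectory() as d:
        tool, trust = os.path.join(d, "tool"), os.path.join(d, "myrole")
        with open(tool, "wb") as f:
            f.write(b"v1\n")
        print(update_trust(trust, tool), update_trust(trust, tool))  # changed, then unchanged
```

A `True` result corresponds to the point where the post's task notifies its restart handler; the rewritten file takes effect only once the daemon reloads its trust data.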

community.general.fapolicyd never existed. Copilot invented it. It’s called hallucination.

3 Likes

sweet. thanks.

Pity.