Michael, Thanks! This is incredibly wise advice. The script itself is actually from the first year of RVM's installation process itself. The new installation script they have is considerably too complicated for me to follow and so I've stuck to maintaining the original one on my RVM::FW project.
I actually created and maintain the RVM::FW project (including this script). Rather than duplicating this script and copying it out myself, since others use this on internal production networks already, is there a tutorial or suggestion on how to learn about properly signing this script or securing it more soundly? I appreciate your help as always. Ansible has already made learning it an extremely wise choice if only to help me improve some of my basic sysadmin habits. Thanks! -- Steven Haddox http://stevenhaddox.com > On Nov 30, 2013, at 8:01 AM, Michael DeHaan <[email protected]> wrote: > > You should probably download a local copy of that install script, review it > personally, and save it to a server or in a location you trust. Then deploy > that script with the script module, which is native in Ansible. > > http://ansibleworks.com/docs/modules.html#script > > Package systems like EPEL are at least generally signed, but it's > ridiculously easy to see a webserver compromised, for instance, in taking > advantage of a bug in wordpress. > > > > > > > > >> On Sat, Nov 30, 2013 at 2:40 AM, Steven Haddox <[email protected]> wrote: >> Lars, >> >> Thanks. I actually tried wrapping it in quotes before posting with no >> change. Sorry I forgot to mention that. >> >> -Steven >> >> -- >> Steven Haddox >> http://stevenhaddox.com >> >>> On Nov 30, 2013, at 2:35 AM, Lars Hansson <[email protected]> wrote: >>> >>> Try: >>> >>> shell: "bash < <( curl {{rvm_fw_url}}/releases/rvm-install-latest )" >>> >>> Cheers, >>> Lars >>> >>>> On Saturday, November 30, 2013 7:27:46 AM UTC+8, Steven Haddox wrote: >>>> I'm trying to run a task that invokes bash as part of the task. The >>>> command works directly from the user's command line on the box but fails >>>> when run via Ansible: >>>> >>>> Here's the task that's running: >>>> >>>> - name: Install User RVM via RVM::FW >>>> when: rvm_fw == True and rvm_version.rc != 0 >>>> shell: \bash < <( curl {{rvm_fw_url}}/releases/rvm-install-latest ) >>>> register: rvm_install >>>> failed_when: rvm_install.rc != 0 >>>> >>>> And the resulting output: >>>> >>>> TASK: [ruby | Install User RVM via RVM::FW] >>>> *********************************** >>>> failed: [33.33.33.10] => {"changed": true, "cmd": "\\bash < <( curl >>>> http://rvm-fw.herokuapp.com/releases/rvm-install-latest ) ", "delta": >>>> "0:00:00.002708", "end": "2013-11-29 18:23:45.768494", "failed": true, >>>> "failed_when_result": true, "item": "", "rc": 2, "start": "2013-11-29 >>>> 18:23:45.765786", "stdout_lines": []} >>>> stderr: /bin/sh: -c: line 0: syntax error near unexpected token `<' >>>> /bin/sh: -c: line 0: `\bash < <( curl >>>> http://rvm-fw.herokuapp.com/releases/rvm-install-latest ) ' >>>> >>>> Any ideas on how to tweak this line so that Ansible's shell module will >>>> pass it through properly? >>>> >>>> Ansible version is 1.4.0 currently. >>>> >>>> Thanks for everyone's help as always, >>>> >>>> Steven >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ansible-project/K2pixPHXlpI/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> >>> For more options, visit https://groups.google.com/groups/opt_out. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > Michael DeHaan <[email protected]> > CTO, AnsibleWorks, Inc. > http://www.ansibleworks.com/ > > -- > You received this message because you are subscribed to a topic in the Google > Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/K2pixPHXlpI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
