geerlingguy / ansible-role-security

Ansible Role - Security

Home Page: https://galaxy.ansible.com/geerlingguy/security/

CentOS 8 doesn't have a default package for fail2ban

geerlingguy opened this issue

On CentOS 8:

TASK [geerlingguy.security : Install fail2ban.] ********************************
fatal: [kube2]: FAILED! => {"changed": false, "failures": ["No package fail2ban available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}
fatal: [kube1]: FAILED! => {"changed": false, "failures": ["No package fail2ban available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}
fatal: [kube3]: FAILED! => {"changed": false, "failures": ["No package fail2ban available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

Welp. I should read my own role's directions. As long as you have EPEL installed, it works :D

Shouldn't this role install EPEL in case you have fail2ban set to true and the OS is RHEL?

@ppadial - Note that EPEL is listed as a dependency in the readme: https://github.com/geerlingguy/ansible-role-security#requirements — I typically use my epel role to install it.

@geerlingguy thanks for the answer. I was asking more from your experience, since it could be possible to add the EPEL (your role) dependency in the meta dependencies. What do you think? Is it better to specify it as a dependency in meta so the role is "self-contained" and doesn't depend on previous stuff to be executed, or is it better to specify in the documentation that EPEL has to be present?

@ppadial - I typically avoid doing that unless absolutely necessary, because that would require that role to always run even when someone wants to install EPEL some other way (or if it's already installed in their base image)—additionally, anyone using a distro that's not RHEL/CentOS would have to download an extra role that would do nothing to help them (and might even cause their playbook to fail).

That makes perfect sense. Even if we add some lines to the role to check if EPEL is already installed (in the case of a RHEL-based distro), what you mention is true: EPEL modifies so much more than just a lib or package; it is an entire package repository that will also alter yum/dnf commands (in the sense of where to get packages from).

Thanks for the clarification.
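
The approach discussed in this thread, keeping EPEL out of the security role's meta dependencies and handling it in the playbook instead, could look like the following. This is an added example and not part of the original issue or the role's own code; the role name `geerlingguy.repo-epel`, the variable `security_fail2ban_enabled`, and the repo file path `/etc/yum.repos.d/epel.repo` are assumptions not stated in the thread.

```yaml
---
# Added example: the playbook, not the security role, decides whether EPEL
# gets installed, so hosts that already have it (or are not RHEL-based) are
# left alone.
- hosts: all
  become: true

  vars:
    # Assumed variable name for enabling fail2ban in geerlingguy.security.
    security_fail2ban_enabled: true

  pre_tasks:
    # Assumption: an EPEL repo shipped in the base image or installed some
    # other way leaves its definition at the usual epel-release path.
    - name: Check whether an EPEL repo definition is already present.
      ansible.builtin.stat:
        path: /etc/yum.repos.d/epel.repo
      register: epel_repo_file
      when: ansible_os_family == 'RedHat'

  roles:
    # Only runs on RHEL-family hosts that do not have EPEL yet. The
    # conditions are evaluated in order, so the stat result is never
    # consulted on other distributions, where the check above was skipped.
    - role: geerlingguy.repo-epel
      when:
        - ansible_os_family == 'RedHat'
        - not epel_repo_file.stat.exists

    # With EPEL available, the "Install fail2ban." task can resolve the
    # package on CentOS 8.
    - role: geerlingguy.security
```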