Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Many Ansible remediations for SLES fail ansible-lint tests #6726

Closed
vojtapolasek opened this issue Mar 19, 2021 · 8 comments · Fixed by #11911
Closed

Many Ansible remediations for SLES fail ansible-lint tests #6726

vojtapolasek opened this issue Mar 19, 2021 · 8 comments · Fixed by #11911
Labels
Ansible Ansible remediation update. SLES SUSE Linux Enterprise Server product related.

Comments

@vojtapolasek
Copy link
Collaborator

Description of problem:

As a part of the CI, we are running a test which checks Ansible remediations with ansible-lint (https://ansible-lint.readthedocs.io/en/latest/). Currently, te test is failing for rules present in sle12 and sle15 products. you can see results of CI tests here:
https://jenkins.complianceascode.io/job/scap-security-guide-lint-check/

Note that the test is turned off during regular builds such as builds you perform on your local machines. It is also not run during PR gating because it takes long time.

SCAP Security Guide Version:

master

Operating System Version:

Steps to Reproduce:

  1. Within main CMakeLists.txt, change the line:
option(ANSIBLE_CHECKS "Set to ON to enable ansible-lint and yamllint checks" OFF)

to

option(ANSIBLE_CHECKS "Set to ON to enable ansible-lint and yamllint checks" ON)
  1. build sle12 and sle15 products
  2. run ctest and see results

Actual Results:

Ansible-lint tests for sle12 and sle15 are failing

Expected Results:

All tests are passing.

Additional Information/Debugging Steps:
@vojtapolasek
Copy link
Collaborator Author

@guangyee @brett060102 could you please look into this? Thank you very much.

@brett060102
Copy link
Contributor

Looking now.

@yuumasato
Copy link
Member

option(ANSIBLE_CHECKS "Set to ON to enable ansible-lint and yamllint checks" OFF)

You can also pass -DANSIBLE_CHECKS=ON during cmake command.

@guangyee
Copy link
Contributor

Any reason why this option is not enabled in CI by default?

@brett060102
Copy link
Contributor

@vojtapolasek should be handled with #6730

@yuumasato
Copy link
Member

Any reason why this option is not enabled in CI by default?

It takes some time to run so it is not part of CI for PRs, but it is ran nightly:
https://jenkins.open-scap.org/view/SCAP%20Security%20Guide/job/scap-security-guide-lint-check/

@marcusburghardt marcusburghardt added Ansible Ansible remediation update. SLES SUSE Linux Enterprise Server product related. labels Aug 16, 2023
@marcusburghardt
Copy link
Member

I just tried to reproduce this issue and it still valid. FYI @teacup-on-rockingchair

@teacup-on-rockingchair
Copy link
Contributor

I just tried to reproduce this issue and it still valid. FYI @teacup-on-rockingchair

Thanks @marcusburghardt also was able to reproduce it on my local setup, will make sure to handle it soon.

Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Ansible Ansible remediation update. SLES SUSE Linux Enterprise Server product related.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix ansible lint for SLE platforms teacup-on-rockingchair/content
6 participants
@teacup-on-rockingchair @vojtapolasek @guangyee @marcusburghardt @yuumasato @brett060102