ansible-lockdown/AMAZON2023-CIS

Test with Amazon Linux 2023 ansible-core + python versions

stewartsmith opened this issue · 1 comment

Feature Request or Enhancement

  • Enhancement [X]

Summary of Request
The pipeline-testing and local-testing parts of README.md list a few different ansible-core/Python combinations that ansible-lockdown/AMAZON2023-CIS is tested with.

We added a packaged ansible-core to Amazon Linux 2023 in the 2023.2.20230920 release. As per the full package list, this is currently ansible-core version 2.15.3-1.amzn2023.0.1, which works with the system python, which is 3.9.

Seeing as this role is likely only going to be run on Amazon Linux 2023, the testing matrix should likely include this exact combination of ansible and python versions. This could probably be done in an AL2023 based container image with the associated packages being installed. I've not looked into the details of how you test the various bits, and am unsure if something requires booting an instance or not.

Describe Alternatives You've Considered

This feels like something we should package in Amazon Linux so that it can be easily available to all AL2023 users. I'll open a tracking issue in https://github.com/amazonlinux/amazon-linux-2023/issues and post the link here, but before doing that, I'd love to hear the opinion of the maintainers here on that as a possibility.

Suggested Code

none as of yet, happy to help if that's of assistance.

hi @stewartsmith

Thank you for taking the time to raise this issue, apologies for the delay in responding, unfortunately subscribers and other projects have taken priority.
Reading through the thread, it appears that you would run the playbook itself on an AL2023 host (localhost?). When we test, we run from an Ansible control node, so not run against the host itself; in this case local testing is generally a Mac and local venvs against Vagrant images or cloud image in this case, then the pipeline runs with a runner based upon ubuntu latest and the latest AL2023 build only at merge time.
At this time we don't have any plans to build a package, although keen to find out more if the Amazon thread picks up traction, we could work with them to achieve it.

many thanks

uk-bolly