Drop support for Fedora and Ubuntu Focal

For reasons I haven't been able to discern, the Fedora and Ubuntu Focal molecule tests work fine locally but fail in GitHub Actions due to being unable to perform some iptables operations. I would think this was due to some kernel module not being loaded in the underlying host instance, except that other platforms pass just fine in GitHub Actions. I've already spent too much time on this, and the role works just fine when building a Fedora AMI and we do not actually require Ubuntu Focal support, so I will make the executive decision to remove Fedora and Ubuntu Focal support for now. I created issue #3 to document this.
cisagov · Apr 23, 2024 · 0af42e3 · 0af42e3
1 parent 465c339
commit 0af42e3
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 50 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -180,9 +180,11 @@ jobs:
           - debian12-systemd
           - debian13-systemd
           - kali-systemd
-          - fedora38-systemd
-          - fedora39-systemd
-          - ubuntu-20-systemd
+          # These platforms currently fail in GitHub Actions but pass
+          # locally.  See issue #3 for more details.
+          # - fedora38-systemd
+          # - fedora39-systemd
+          # - ubuntu-20-systemd
           - ubuntu-22-systemd
         scenario:
           - default

diff --git a/meta/main.yml b/meta/main.yml
@@ -30,28 +30,40 @@ galaxy_info:
         - bullseye
         - bookworm
         - trixie
-    - name: Fedora
-      versions:
-        - "38"
-        - "39"
-    - name: Kali
-      versions:
-        - "2023"
-    # For reasons I haven't been able to discern, the Ubuntu molecule
+    # For reasons I haven't been able to discern, the Fedora molecule
     # tests work fine locally but fail in GitHub Actions due to being
     # unable to perform some iptables operations.  I would think this
     # was due to some kernel module not being loaded in the underlying
-    # host instance, except that the non-Ubuntu platforms pass just
-    # fine in GitHub Actions.
+    # host instance, except that other platforms pass just fine in
+    # GitHub Actions.
     #
-    # I've already spent too much time on this, and we don't require
-    # the Ubuntu support right now, so I will make the executive
-    # decision to remove Ubuntu support for now.  I created this issue
-    # to document the error:
+    # I've already spent too much time on this, and the role works
+    # just fine when building a Fedora AMI, so I will make the
+    # executive decision to remove Fedora support for now.  I created
+    # this issue to document the error:
     # https://github.com/cisagov/ansible-role-ufw/issues/3
+    # - name: Fedora
+    #   versions:
+    #     - "38"
+    #     - "39"
+    - name: Kali
+      versions:
+        - "2023"
     - name: Ubuntu
       versions:
-        - focal
+        # For reasons I haven't been able to discern, the Ubuntu Focal
+        # molecule tests work fine locally but fail in GitHub Actions
+        # due to being unable to perform some iptables operations.  I
+        # would think this was due to some kernel module not being
+        # loaded in the underlying host instance, except that other
+        # platforms pass just fine in GitHub Actions.
+        #
+        # I've already spent too much time on this, and we don't
+        # require the Ubuntu support right now, so I will make the
+        # executive decision to remove Ubuntu Focal support for now.
+        # I created this issue to document the error:
+        # https://github.com/cisagov/ansible-role-ufw/issues/3
+        # - focal
         - jammy
   role_name: ufw
   standalone: true
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -59,45 +59,57 @@ platforms:
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-fedora38-ansible:latest
-    name: fedora38-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-fedora39-ansible:latest
-    name: fedora39-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  # For reasons I haven't been able to discern, the Ubuntu molecule
+  # For reasons I haven't been able to discern, the Fedora molecule
   # tests work fine locally but fail in GitHub Actions due to being
   # unable to perform some iptables operations.  I would think this
   # was due to some kernel module not being loaded in the underlying
-  # host instance, except that the non-Ubuntu platforms pass just fine
-  # in GitHub Actions.
+  # host instance, except that other platforms pass just fine in
+  # GitHub Actions.
+  #
+  # I've already spent too much time on this, and the role works just
+  # fine when building a Fedora AMI, so I will make the executive
+  # decision to remove Fedora support for now.  I created this issue
+  # to document the error:
+  # https://github.com/cisagov/ansible-role-ufw/issues/3
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-fedora38-ansible:latest
+  #   name: fedora38-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-fedora39-ansible:latest
+  #   name: fedora39-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # For reasons I haven't been able to discern, the Ubuntu Focal
+  # molecule tests work fine locally but fail in GitHub Actions due to
+  # being unable to perform some iptables operations.  I would think
+  # this was due to some kernel module not being loaded in the
+  # underlying host instance, except that other platforms pass just
+  # fine in GitHub Actions.
   #
   # I've already spent too much time on this, and we don't require the
   # Ubuntu support right now, so I will make the executive decision to
-  # remove Ubuntu support for now.  I created this issue to document
-  # the error:
+  # remove Ubuntu Focal support for now.  I created this issue to
+  # document the error:
   # https://github.com/cisagov/ansible-role-ufw/issues/3
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
-    name: ubuntu-20-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
+  #   name: ubuntu-20-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
     image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest