From 0af42e3fe8af11d4fea48621f28cbadc97e0b98c Mon Sep 17 00:00:00 2001
From: Jeremy Frasier <jeremy.frasier@gwe.cisa.dhs.gov>
Date: Tue, 23 Apr 2024 10:44:51 -0400
Subject: [PATCH] Drop support for Fedora and Ubuntu Focal

For reasons I haven't been able to discern, the Fedora and Ubuntu
Focal molecule tests work fine locally but fail in GitHub Actions due
to being unable to perform some iptables operations.  I would think
this was due to some kernel module not being loaded in the underlying
host instance, except that other platforms pass just fine in GitHub
Actions.

I've already spent too much time on this, and the role works just fine
when building a Fedora AMI and we do not actually require Ubuntu Focal
support, so I will make the executive decision to remove Fedora and
Ubuntu Focal support for now.  I created issue #3 to document this.
---
 .github/workflows/build.yml   |  8 ++--
 meta/main.yml                 | 42 ++++++++++++-------
 molecule/default/molecule.yml | 76 ++++++++++++++++++++---------------
 3 files changed, 76 insertions(+), 50 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e06bd6f..8053db2 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -180,9 +180,11 @@ jobs:
           - debian12-systemd
           - debian13-systemd
           - kali-systemd
-          - fedora38-systemd
-          - fedora39-systemd
-          - ubuntu-20-systemd
+          # These platforms currently fail in GitHub Actions but pass
+          # locally.  See issue #3 for more details.
+          # - fedora38-systemd
+          # - fedora39-systemd
+          # - ubuntu-20-systemd
           - ubuntu-22-systemd
         scenario:
           - default
diff --git a/meta/main.yml b/meta/main.yml
index f4928de..d348492 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -30,28 +30,40 @@ galaxy_info:
         - bullseye
         - bookworm
         - trixie
-    - name: Fedora
-      versions:
-        - "38"
-        - "39"
-    - name: Kali
-      versions:
-        - "2023"
-    # For reasons I haven't been able to discern, the Ubuntu molecule
+    # For reasons I haven't been able to discern, the Fedora molecule
     # tests work fine locally but fail in GitHub Actions due to being
     # unable to perform some iptables operations.  I would think this
     # was due to some kernel module not being loaded in the underlying
-    # host instance, except that the non-Ubuntu platforms pass just
-    # fine in GitHub Actions.
+    # host instance, except that other platforms pass just fine in
+    # GitHub Actions.
     #
-    # I've already spent too much time on this, and we don't require
-    # the Ubuntu support right now, so I will make the executive
-    # decision to remove Ubuntu support for now.  I created this issue
-    # to document the error:
+    # I've already spent too much time on this, and the role works
+    # just fine when building a Fedora AMI, so I will make the
+    # executive decision to remove Fedora support for now.  I created
+    # this issue to document the error:
     # https://github.com/cisagov/ansible-role-ufw/issues/3
+    # - name: Fedora
+    #   versions:
+    #     - "38"
+    #     - "39"
+    - name: Kali
+      versions:
+        - "2023"
     - name: Ubuntu
       versions:
-        - focal
+        # For reasons I haven't been able to discern, the Ubuntu Focal
+        # molecule tests work fine locally but fail in GitHub Actions
+        # due to being unable to perform some iptables operations.  I
+        # would think this was due to some kernel module not being
+        # loaded in the underlying host instance, except that other
+        # platforms pass just fine in GitHub Actions.
+        #
+        # I've already spent too much time on this, and we don't
+        # require the Ubuntu support right now, so I will make the
+        # executive decision to remove Ubuntu Focal support for now.
+        # I created this issue to document the error:
+        # https://github.com/cisagov/ansible-role-ufw/issues/3
+        # - focal
         - jammy
   role_name: ufw
   standalone: true
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index f1bc302..68d8e20 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -59,45 +59,57 @@ platforms:
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-fedora38-ansible:latest
-    name: fedora38-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-fedora39-ansible:latest
-    name: fedora39-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  # For reasons I haven't been able to discern, the Ubuntu molecule
+  # For reasons I haven't been able to discern, the Fedora molecule
   # tests work fine locally but fail in GitHub Actions due to being
   # unable to perform some iptables operations.  I would think this
   # was due to some kernel module not being loaded in the underlying
-  # host instance, except that the non-Ubuntu platforms pass just fine
-  # in GitHub Actions.
+  # host instance, except that other platforms pass just fine in
+  # GitHub Actions.
+  #
+  # I've already spent too much time on this, and the role works just
+  # fine when building a Fedora AMI, so I will make the executive
+  # decision to remove Fedora support for now.  I created this issue
+  # to document the error:
+  # https://github.com/cisagov/ansible-role-ufw/issues/3
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-fedora38-ansible:latest
+  #   name: fedora38-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-fedora39-ansible:latest
+  #   name: fedora39-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # For reasons I haven't been able to discern, the Ubuntu Focal
+  # molecule tests work fine locally but fail in GitHub Actions due to
+  # being unable to perform some iptables operations.  I would think
+  # this was due to some kernel module not being loaded in the
+  # underlying host instance, except that other platforms pass just
+  # fine in GitHub Actions.
   #
   # I've already spent too much time on this, and we don't require the
   # Ubuntu support right now, so I will make the executive decision to
-  # remove Ubuntu support for now.  I created this issue to document
-  # the error:
+  # remove Ubuntu Focal support for now.  I created this issue to
+  # document the error:
   # https://github.com/cisagov/ansible-role-ufw/issues/3
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
-    name: ubuntu-20-systemd
-    platform: amd64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/geerlingguy/docker-ubuntu2004-ansible:latest
+  #   name: ubuntu-20-systemd
+  #   platform: amd64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
     image: docker.io/geerlingguy/docker-ubuntu2204-ansible:latest