Closed sickbock closed 1 month ago
hi @sickbock
Thank you for taking the time to raise this issue, We will be looking at this. We have seen this with other clienst and they have built their own EE with all the required modules etc to make sure this works giving them a little more control over what is in the EE. We have noted that this is causing some issues so we will be looking at replacing this.
Many thanks
uk-bolly
hi @sickbock
Apologies for the delay, client and subscribers requirements im afraid take priority. You should find that jmespath is no longer a dependancy for this role. I am currently in the process of removing it for all roles.
many thanks
uk-bolly
hi @sickbock
Apologies for the time this has taken, you should find that the dependancy for jmespath has now been removed from almost all of our repositories. This has been released to main branch https://github.com/ansible-lockdown/RHEL9-CIS/releases/tag/1.3.2
I will close this issue, please reopen if you are still experiencing issues.
many thanks
uk-bolly
Describe the Issue The Red Hat Satellite uses different packages on RHEL 8 than normal RHEL. Current release 6.14 uses Ansible Core 2.15, which uses Python 3.11 which is incompatible with the package
python3-jamespath
from the Red Hat repository. The later is used by community.general.json_query which in turn is used byjson_query
in this role.Expected Behavior The playbook run will finish completely without any errors.
Actual Behavior The playbook run will fail with at the first task using
json_query
and give the error message: “You need to install \”jmespath\“ prior to running json_query filter”Control(s) Affected At least all controls using
json_query
- 6.1.10, 6.1.11, 6.1.13 and 6.1.14Environment (please complete the following information):
python3-jmespath
from the Red Hat repository.Additional Notes See upstream documentation on Satellite and Ansible.
A default RHEL 9.3 installation with Ansible Core 2.14, Python 3.9 and
python3-jmespath
will work with a local playbook run, for now. You may need to install an EPEL package or usepip
when using a different Python release than 3.9 (both are not recommended on the Satellite with locked repositories). Otherwise you'll have to disable all controls usingjson_query
.Possibly, for the same reason, you may need to use a legacy Ansible 2.9 execution environment when using AAP/AWX to implement this role (not tested).
Similar issues may exist for the other
pip
packages.Possible Solution A private bug has been closed (won't fix). Red Hat recommends to _"rewrite the code in question so that it does not have to use jsonquery". _"In almost every case, the code using json_query can be rewritten to use a combination of the basic Jinja built-in filters and built-in Ansible filters (excluding jsonquery and ipaddr of course)."