anthcourtney / ansible-role-cis-amazon-linux

Ansible role to apply CIS Amazon Linux Benchmark v2.0.0
MIT License

Error: This benchmark is not suitable for the destination operating system Amazon Linux AMI 2017.09.1 #22

Open link2anjan opened 6 years ago

link2anjan commented 6 years ago

Hi, I am using Ansible version 2.4.1.0 and Amazon Linux AMI 2017.09.1 (HVM). This role is not working. I am getting the following error: "This benchmark is not suitable for the destination operating system"

If I need to modify this role, what do I have to do?

Please help...

dgeske commented 6 years ago

Hi, I'm also running into this issue. Some support for Amazon Linux 2017.09 was added via https://github.com/anthcourtney/ansible-role-cis-amazon-linux/commit/c04cc25e744c3fdff08d2812f677fdb630145d17, yet remains unavailable via Ansible Galaxy, because it was not registered in the galaxy role meta data https://github.com/anthcourtney/ansible-role-cis-amazon-linux/blob/master/meta/main.yml file.

The underlying problem is that new platforms and platform versions need to be added to Ansible Galaxy manually, thus loads of platforms are missing in the list of currently supported platforms. Eventually, Galaxy issue https://github.com/ansible/galaxy/issues/80 is supposed to resolve this.

In the meantime, possibly a similar solution as is suggested in https://github.com/ansible/ansible/issues/11133#issue-84159540 could help temporarily work around this.

anthcourtney commented 6 years ago

I have a local change to update the metadata for the role to include the 2017.09 version; however, I can't tag and sync that to Galaxy until Galaxy itself supports those versions - otherwise the import/sync fails.

I'm not sure that ansible/ansible#11133 is a valid solution.

I noticed your comment on ansible/galaxy#80 that you'd hold off on raising requests for the new versions to be supported, but I see that as the immediate solution (and as much as it's undesirable, the medium-term solution as well).

dgeske commented 6 years ago

Hey, yea you're right, as a stop-gap, continuing to raise per env issues is the way to go. Question is whether the team who handles these will resolve them, but as far as I can tell that's the best we can do from our side.

chandanchowdhury commented 6 years ago

Looks like both 2017.09 and 2017.12 (LTS Candidate) are now part of Ansible Galaxy's currently supported platforms.

chandanchowdhury commented 6 years ago

PR #34 implemented, which should fix this issue.

@anjangithub123 can you please confirm?

ghost commented 6 years ago

I have just pulled the preflight checks so we can use this on the newer builds for AWS Linux.

chandanchowdhury commented 6 years ago

Thanks @steven-cuthill-otm, please do let us know of any issues you find.