diff --git a/bindep.txt b/bindep.txt index ef56cb61..3294b01e 100644 --- a/bindep.txt +++ b/bindep.txt @@ -29,9 +29,6 @@ gcc git-core [platform:dpkg platform:suse] libssl-dev [platform:dpkg] libffi-dev [platform:dpkg] -python2.7 [platform:dpkg] -python-apt [platform:dpkg] -python-dev [platform:dpkg] python3 [platform:dpkg] python3-apt [platform:dpkg] python3-dev [platform:dpkg] @@ -41,14 +38,14 @@ gcc-c++ [platform:rpm] git [platform:rpm !platform:suse] libffi-devel [platform:rpm] openssl-devel [platform:rpm] -python-devel [platform:rpm] -python2-dnf [platform:fedora] +python3-devel [platform:rpm] +python3-dnf [platform:fedora] # Base requirements for Gentoo git [platform:gentoo] # For SELinux -libselinux-python [platform:redhat] +libselinux-python [platform:redhat] libsemanage-python [platform:redhat] # Required for compressing collected log files in CI diff --git a/tasks/rhel7stig/misc.yml b/tasks/rhel7stig/misc.yml index 6e1179b7..5f009197 100644 --- a/tasks/rhel7stig/misc.yml +++ b/tasks/rhel7stig/misc.yml @@ -35,11 +35,23 @@ - misc - V-71985 +# NOTE(noonedeadpunk): We run this twice because of the ansible bug: +# https://github.com/ansible/ansible/issues/68680 # This returns an exit code of 0 if it's running, 3 if it's masked. - name: V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd: name: ctrl-alt-del.target enabled: no + when: + - security_rhel7_disable_ctrl_alt_delete | bool + tags: + - high + - misc + - V-71993 + +- name: V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled + systemd: + name: ctrl-alt-del.target masked: yes daemon_reload: yes when: diff --git a/tests/test.yml b/tests/test.yml index 5a9174a0..e1bf9037 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -16,6 +16,9 @@ - name: Playbook for role testing hosts: localhost pre_tasks: + - name: Set ansible_python_interpreter + set_fact: + ansible_python_interpreter: "/usr/bin/{{ (ansible_distribution == 'CentOS' and ansible_distribution_version is version('8', '<')) | ternary('python2', 'python3') }}" - name: Ensure apt cache is updated before testing apt: update_cache: yes diff --git a/tox.ini b/tox.ini index d0f14eca..01487a75 100644 --- a/tox.ini +++ b/tox.ini @@ -1,10 +1,12 @@ [tox] -minversion = 2.0 +minversion = 3.1 skipsdist = True envlist = docs,linters,functional +ignore_basepython_conflict = True [testenv] +basepython = python3 usedevelop = True install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} @@ -31,7 +33,6 @@ setenv = [testenv:docs] -basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands = bash -c "rm -rf doc/build" @@ -41,7 +42,6 @@ commands = sphinx-build -W -b html doc/source doc/build/html [testenv:pdf-docs] -basepython = python3 deps = {[testenv:docs]deps} whitelist_externals = make @@ -57,7 +57,6 @@ allow-long-titles=1 [testenv:releasenotes] -basepython = python3 deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html @@ -65,13 +64,11 @@ commands = # environment used by the -infra templated docs job [testenv:venv] -basepython = python3 commands = {posargs} [testenv:pep8] -basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-pep8.sh" @@ -84,19 +81,16 @@ ignore=F403 [testenv:bashate] -basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-bashate.sh" [testenv:ansible-syntax] -basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-ansible-syntax.sh" [testenv:ansible-lint] -basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-ansible-lint.sh" @@ -110,7 +104,6 @@ commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" [testenv:linters] -basepython = python3 commands = bash -c "{toxinidir}/tests/common/test-ansible-env-prep.sh" {[testenv:pep8]commands}