Turn off avahi and avahi-autoipd fixes during install

[Mab879]

Description:

Since gnome-desktop requires libsane-hpaio which requires avahi having avahi removed during the install of the OS causes the install to fail.

Rationale:

Fixes #10277

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[Mab879]

/packit build

[mildas]

Why to disable package_avahi_removed when it doesn't conflict with GUI packages?

Looking at RHEL9 CIS Benchmark, I don't see avahi-autoipd mentioned at all. 2.2.2 Ensure Avahi Server is not installed (Automated) requires only avahi uninstalled. Why do we remove avahi-autoipd package?

[Mab879]

Why to disable package_avahi_removed when it doesn't conflict with GUI packages?

Without creating another rule very similar rule I don't see how we can disable this remediation for only one profile.

Looking at RHEL9 CIS Benchmark, I don't see avahi-autoipd mentioned at all. 2.2.2 Ensure Avahi Server is not installed (Automated) requires only avahi uninstalled. Why do we remove avahi-autoipd package?

I have removed avahi-autoipd from the profile and the package doesn't seem to be in RHEL 9.

[openshift-ci]

@Mab879: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-rhcos4-high	c3395ec	link	true	/test e2e-aws-rhcos4-high
ci/prow/e2e-aws-rhcos4-moderate	c3395ec	link	true	/test e2e-aws-rhcos4-moderate
ci/prow/e2e-aws-rhcos4-e8	c3395ec	link	true	/test e2e-aws-rhcos4-e8

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[mildas]

Without creating another rule very similar rule I don't see how we can disable this remediation for only one profile.

I see. But I don't like disabling Anaconda remediation. Workstation users won't pass there and so we should think if the rule makes sense in CIS Workstation profile.
Do you think we could convince CIS that the requirement should be removed from Workstation L2 because of the conflict on RHEL9? Or if they could change the requirement to Avahi not installed or avahi-daemon disabled?

[Mab879]

Without creating another rule very similar rule I don't see how we can disable this remediation for only one profile.

I see. But I don't like disabling Anaconda remediation. Workstation users won't pass there and so we should think if the rule makes sense in CIS Workstation profile. Do you think we could convince CIS that the requirement should be removed from Workstation L2 because of the conflict on RHEL9? Or if they could change the requirement to Avahi not installed or avahi-daemon disabled?

I don't know if we could convince them to pull it its in L2, so some pain is expected. Moving to disabled might work, but again a level 2 requirement is expected to have some usability issues.

The package can be removed without incident once the installation is done. Which is why I pulled the Anaconda remediation.

A third option would be get libsane-hpaio a soft requirement.

My thought is that for now I will pull the rule from level II workstation profile as work on the other solution.

[codeclimate]

Code Climate has analyzed commit 4a84177 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 51.8% (0.0% change).

View more on Code Climate.