opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/install-ansible/tasks/main.yaml
Clark Boylan 27e65ba84f Update to Ansible 8 on bridge 
Zuul has already made the move; we should catch up. Part of this is
motivated by the weird failures we've seen when creating the LE
certcheck domains list in an Ansible loop though I've no real evidence
that upgrading would fix this. Python on bridge is 3.10 which should be
compatible with Ansible 8.

Full (and probably far too dense) changelogs can be found here:

  https://github.com/ansible-community/ansible-build-data/blob/main/8/CHANGELOG-v8.rst

A prior patchset temporarily updated zuul configs to run most of our
system-config-run-* jobs using ansible 8. They all passed implying that
our playbooks and roles will function under the newer version of
ansible.

Change-Id: Ie1b4e5363c56c0dcd61721fb0ea061d5198ecfed
2023-10-18 09:20:31 -07:00

188 lines
5.1 KiB
YAML
Raw Blame History

# The -devel job in particular already defines
# install_ansbile_requirements in the job definition to pick
# main/devel branch repos checked out from Zuul
- name: Set default ansible install requirements
when: install_ansible_requirements is not defined
block:
- name: Set defaults
set_fact:
_install_ansible_requirements:
- 'ansible<9'
- 'openstacksdk'
- name: Add ARA to defaults if enabled
when: install_ansible_ara_enable
set_fact:
_install_ansible_requirements: '{{ _install_ansible_requirements + ["ara[server]"] }}'
- name: Set variable
# NOTE(ianw) the block when: statement is calcuated for each task
# -- keep this last!
set_fact:
install_ansible_requirements: '{{ _install_ansible_requirements }}'
# NOTE(ianw) 2022-10-26 : ARM64 generally needs this because upstream
# projects don't always ship arm64 wheels. But x86 may need it when
# we have a fresh host with a more recent Python too
- name: Ensure required Ansible build packages
apt:
update_cache: yes
name:
- libffi-dev
- libssl-dev
- build-essential
- python3-dev
- name: Install python-venv package
package:
name:
- python3-venv
state: present
- name: Create venv
include_role:
name: create-venv
vars:
create_venv_path: '/usr/ansible-venv'
# The boostrap job runs this all the time, and we'd like to skip
# trying to update the venv mostly. But we also want to have things
# like ansible specify '<X' so we pick up point releases. By writing
# the current day into the requirements.txt, the template updates once
# a day, and thus we update the venv just once a day.
- name: Get current day
shell: 'date +%Y-%m-%d'
register: _date
- name: Write out requirements file
template:
src: requirements.txt.j2
dest: '/usr/ansible-venv/requirements.txt'
owner: root
group: root
mode: 0644
register: _requirements_updated
- name: Install packages
when: _requirements_updated.changed
pip:
requirements: '/usr/ansible-venv/requirements.txt'
# Always upgrade because only called in response to
# requirements.txt changes.
state: latest
virtualenv: '/usr/ansible-venv'
# From Ansible 2.10 >= most of the fun stuff is in collections. Clone
# our required collections here. Note this is only for our testing of
# the devel branch; if we're using a release we use the Ansible
# distribution package which bundles all this.
- name: Install Ansible collections
include_tasks: install_ansible_collection.yaml
when: install_ansible_collections is defined
loop: '{{ install_ansible_collections }}'
- name: Symlink Ansible globally
file:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
state: link
loop:
- { src: '/usr/ansible-venv/bin/ansible-playbook', dest: '/usr/local/bin/ansible-playbook' }
- { src: '/usr/ansible-venv/bin/ansible', dest: '/usr/local/bin/ansible' }
- name: Ansible version check
command: 'ansible-playbook --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
- name: Ansible cmd version check
command: 'ansible --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
# This registered variable is templated into ansible.cfg below
# to setup the callback plugins for ARA
- name: Get ARA's location for callback plugins
when: install_ansible_ara_enable
command: /usr/ansible-venv/bin/python3 -m ara.setup.callback_plugins
register: install_ansible_ara_callback_plugins
changed_when: false
# For use by k8s_raw ansible module
# - name: Install openshift client
# pip:
# name: 'openshift'
# TODO(corvus): re-add this once kubernetes 9.0.0 is released
- name: Ensure /etc/ansible and /etc/ansible/hosts
file:
state: directory
path: /etc/ansible/hosts
- name: Ensure /etc/ansible/inventory_plugins
file:
state: directory
path: /etc/ansible/inventory_plugins
- name: Ensure /var/cache/ansible
file:
state: directory
path: /var/cache/ansible
owner: root
group: root
mode: 0770
- name: Ensure ansible log dir is writable
file:
path: /var/log/ansible
state: directory
owner: root
group: root
mode: 0775
- name: Copy ansible.cfg in to place
template:
src: ansible.cfg.j2
dest: /etc/ansible/ansible.cfg
- name: Remove old inventory files
file:
path: '/etc/ansible/hosts/{{ item }}'
state: absent
loop:
- openstack.yaml
- groups.yaml
- name: Copy system-config roles into place
copy:
src: roles/
dest: /etc/ansible/roles
- name: Copy disable-ansible utility script in place
copy:
src: disable-ansible
dest: /usr/local/bin/disable-ansible
mode: 0755
owner: root
group: root
- name: Copy yamlgroup inventory in place
copy:
src: inventory_plugins/yamlgroup.py
dest: /etc/ansible/inventory_plugins/yamlgroup.py
- name: Setup log rotation
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/ansible/ansible.log
- name: Verify ansible install
command: ansible --version
View Git Blame Copy Permalink