opendev/system-config
Code Issues Proposed changes
Files
66e249bf951e8d71ff352d5e623d73244d7eb449
system-config/playbooks/roles/install-ansible/tasks/main.yaml
Ian Wienand 66e249bf95 Fix ansible-devel job for Ansible 2.10 changes 
The Ansible devel branch has pulled in some major changes that has
broken our -devel testing job.

Firstly, installing from source checkout now installs the package
"ansible-base"; this means when we install ARA, which has a dependency
on just "ansible" it pulls in the old 2.9 release (which is what the
-devel test is currently testing with -- the reason for this change).

We could remove ARA, but we quite like it's reports for the nested
Ansible runs.  So make a dummy "ansible" 2.9 package and install that
to satisfy the dependency.

Secondly, Ansible devel has split out a lot of things into "community
modules".  To keep testing the -devel branch into the future, we need
to pull in the community modules for testing as well [1].

After some very useful discussion with jborean93 in #ansible I believe
the best way to do this is to clone the community projects into place
in the ansible configuration directory.  Longer term, we should make
Zuul check these out and use that, then we can speculatively test
changes too -- but for now just KISS.

[1] For reference, upstream bundles all this into the "Ansible
Community Distribution" or ACD, which is what you will get when you
download "ansible" from PyPi or similar.  But this job should be
pulling the bleeding edge of ansible and the community modules we use
-- that's what it's for.

Depends-On: https://review.opendev.org/747337
Change-Id: I781e275acb6af85f816ebcaf57a9825b50ca1196
2020-08-25 08:42:30 +10:00

206 lines
6.2 KiB
YAML
Raw Blame History

# If install_ansible_version is not defined (note; not *empty*) it
# should be "latest"
- name: Set ansible default version to latest
set_fact:
install_ansible_version: latest
when: install_ansible_version is not defined
# If a version is not explicitly set we want to make sure to
# completely omit the version argument to pip:, as it will be coming
# from the long-form install_ansible_name variable. Additionally, if
# the version is the special value "latest", then we also want to omit
# any version number, but also set the package state to "latest".
- name: Set ansible version for installation
set_fact:
_install_ansible_version: '{{ install_ansible_version }}'
when: install_ansible_version not in ('', 'latest')
- name: Set ansible package state for installation
set_fact:
_install_ansible_state: latest
when: install_ansible_version == 'latest'
# Since Ansible 2.10 (~2020-08) the devel core package is split into
# "ansible-base". The PyPi the package "ansible" has everything in it
# (the so called Ansible Community Distribution) but we specifically
# want to test against devel. However, ARA still depends on the
# "ansible" package -- but we like ARA, because we can see the nested
# runs with it. To to keep ARA but avoid it bringing in either an old
# version of Ansible, or the ACD, install a dummy package.
- name: Check if running devel branch
set_fact:
_install_ansible_from_devel: true
when: '"github.com/ansible/ansible" in install_ansible_name'
- name: Setup Ansible stub for post 2.10 compat
include_tasks: install_ansible_stub.yaml
when: _install_ansible_from_devel is defined
# From Ansible 2.10 >= most of the fun stuff is in collections. Clone
# our required collections here. Note, in production, we use ACD
# which bundles most of this.
#
# TODO(ianw): we should add these to zuul and link the speculative
# copies into ansible, then we could test changes in the collections!
- name: Install Ansible collections
include_tasks: install_ansible_collection.yaml
when: _install_ansible_from_devel is defined
loop:
- namespace: ansible
name: posix
repo: https://github.com/ansible-collections/ansible.posix
- namespace: community
name: general
repo: https://github.com/ansible-collections/community.general
- namespace: community
name: crypto
repo: https://github.com/ansible-collections/community.crypto
- namespace: ansible
name: netcommon
repo: https://github.com/ansible-collections/ansible.netcommon
- name: Ensure required Ansible build packages for non-wheel architectures
apt:
update_cache: yes
name:
- libffi-dev
- libssl-dev
- build-essential
when: ansible_architecture == 'aarch64'
- name: Install ansible
pip:
name: '{{ install_ansible_name | default("ansible") }}'
version: '{{ _install_ansible_version | default(omit) }}'
state: '{{ _install_ansible_state | default(omit) }}'
- name: Ansible version check
command: 'ansible-playbook --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
- name: Ansible cmd version check
command: 'ansible --version'
register: _ansible_version_check
- name: Sanity check Ansible version
debug:
msg: '{{ _ansible_version_check.stdout }}'
- name: Set up the ARA callback
include_tasks: install_ara.yaml
when: install_ansible_ara_enable
# For use by k8s_raw ansible module
# - name: Install openshift client
# pip:
# name: 'openshift'
# TODO(corvus): re-add this once kubernetes 9.0.0 is released
# Same version/state default swizzling as described above for
# openstacksdk
- name: Set openstacksdk default version to latest
set_fact:
install_ansible_openstacksdk_version: latest
when: install_ansible_openstacksdk_version is not defined
- name: Set openstacksdk version for installation
set_fact:
_install_ansible_openstacksdk_version: '{{ install_ansible_openstacksdk_version }}'
when: install_ansible_openstacksdk_version not in ('', 'latest')
- name: Set openstacksdk package state for installation
set_fact:
_install_openstacksdk_state: latest
when: install_ansible_openstacksdk_version == 'latest'
- name: Install openstacksdk
pip:
name: '{{ install_ansible_openstacksdk_name | default("openstacksdk") }}'
version: '{{ _install_ansible_openstacksdk_version | default(omit) }}'
state: '{{ _install_openstacksdk_state | default(omit) }}'
- name: Ensure /etc/ansible and /etc/ansible/hosts
file:
state: directory
path: /etc/ansible/hosts
- name: Ensure /etc/ansible/inventory_plugins
file:
state: directory
path: /etc/ansible/inventory_plugins
- name: Ensure /var/cache/ansible
file:
state: directory
path: /var/cache/ansible
owner: root
group: root
mode: 0770
- name: Ensure ansible log dir is writable
file:
path: /var/log/ansible
state: directory
owner: root
group: root
mode: 0775
- name: Copy ansible.cfg in to place
template:
src: ansible.cfg.j2
dest: /etc/ansible/ansible.cfg
- name: Remove old inventory files
file:
path: '/etc/ansible/hosts/{{ item }}'
state: absent
loop:
- openstack.yaml
- groups.yaml
- name: Copy system-config roles into place
copy:
src: roles/
dest: /etc/ansible/roles
- name: Copy disable-ansible utility script in place
copy:
src: disable-ansible
dest: /usr/local/bin/disable-ansible
mode: 0755
owner: root
group: root
# Yeah. This is install-ansible. But we need to do this and doing it when
# we install the ansible stuff seems like the right time workflow-wise.
- name: Ensure puppet directory
file:
state: directory
path: /etc/puppet
- name: Install puppet module management scripts
copy:
src: '{{ item }}'
dest: '/etc/puppet/{{ item }}'
loop:
- install_modules.sh
- modules.env
- name: Copy yamlgroup inventory in place
copy:
src: inventory_plugins/yamlgroup.py
dest: /etc/ansible/inventory_plugins/yamlgroup.py
- name: Setup log rotation
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/ansible/ansible.log
- name: Verify ansible install
command: ansible --version
View Git Blame Copy Permalink